>>> On 19 July 2007 at 23:52, in message <[EMAIL PROTECTED]>, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2007/07/19 15:38, Gordon Ross wrote:
>> Cutting down the pf ruleset to the bare minimum, I have:
>
> Might be below the minimum; there's no explicit "pass out".

No, the packets get out the "other side" of the OBSD box to the destination; it's the return packets that get blocked.

> There's an implicit one, but I suspect it might not be keeping
> state (though the default as of 4.1 is to keep state, I suspect
> this _may_ apply only to rules configured by pfctl and not implicit
> ones). And if that's the case it won't permit the return traffic.

This is my problem - the return traffic is not being allowed back in.

Surely I don't need to write explicit "pass in" rules for the return packets? Or have I missed something really silly/obvious?

> I would have a look at http://www.openbsd.org/faq/pf/tagging.html
> before you start writing much more.

Noted. However, it's not going to help me right now :-(

Thanks,

GTG
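The point Stuart raises, that only a stateful pass rule admits the reply packets, is shown in this minimal pf.conf. It is an added example, not the ruleset from the thread, and the interface names are placeholders.

```pf
# Constructed example: interface names are placeholders, not the
# poster's real interfaces. Replace them with the ones on your box.
ext_if = "em0"
int_if = "em1"

# Default deny, so nothing relies on the implicit pass rule and its
# uncertain state handling discussed in the thread.
block all

# Traffic arriving from the LAN is allowed in and creates a state entry.
pass in on $int_if inet from $int_if:network keep state

# Explicit "pass out" that keeps state on the external interface.
# The state entry created here matches the returning packets, so no
# separate "pass in" rule for the replies is needed. "keep state" is
# written out even though it is the default for pass rules as of 4.1.
pass out on $ext_if inet keep state
```

With the rules loaded, `pfctl -s state` lists the state entries; if an outbound connection does not appear there, its replies will be dropped by the block rule rather than matched to a state.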