>> block in inet from 192.168.0.1 to 192.168.114.31 >> pass in inet from 192.168.114.31 to 192.168.0.1 flags S/SA keep state >> (does not work - neither pings nor TCP) > Here, you only pass the *inbound* packets; you also must > pass the outbound packets on the opposite interface.
So, single state entry affects traffic on single interface only ? >> Preferred version, because it does not affect queueing > I think you'll find the complication comes from queueing. hell, yes ... states vs queueing ... but it's another story