On Tue, 5 Nov 2002, Nathaniel Fisher wrote:
> pass out quick on { lo0, enc0, $int_if } all
> pass in quick on { lo0, enc0, $int_if } all> block out quick proto tcp all flags /S > block in quick proto tcp all flags /S > pass out on $ext_if inet proto tcp from $ext_if to any \ > flags S/SA keep state You are not keeping state on int_if. Add 'keep state' to the 'lo0, enc0, $int_if' rules above. Or remove the very non-obvious 'flags /S' rules. -- Cam
