On Sun, Feb 02, 2003 at 11:16:31AM +0100, Cedric Berger wrote:

> >this rule loads, though I cannot see all (or any) of the traffic that 
> >would be viewable on ext_if with tcpdump.  pflog reveals nothing either
> >
> Is this rule the LAST one that matches your input packets?
> Are you sure there is no "quick" rule before?

Also, in case you are filtering statefully, this rule might not match
any incoming packets on the external interface. For instance:

  pass in on $ext_if dup-to ...
  pass out ... keep state
  pass in  ... keep state

The dup-to rule would not be last-matching for incoming connections
(they'd match the 'pass in ... keep state' rule last), and incoming
replies to outgoing connections wouldn't match it at all. In this case,
you'd have to add the dup-to option to the other rules instead.

Daniel
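
The last-match behaviour described in the reply above, as a small Python model added here; it is not part of the original message and is not pf's code. The flows, the `Rule` fields and the `run` helper are constructed for illustration, and the model assumes a state carries the dup-to option of the rule that created it, which is what the advice to put dup-to on the keep state rules relies on.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    direction: str            # "in" or "out" on the external interface
    keep_state: bool = False
    dup_to: bool = False
    quick: bool = False

def run(rules, packets):
    """Return how many packets this model would duplicate to the monitor."""
    states = {}               # flow id -> rule that created the state
    mirrored = 0
    for flow, direction in packets:
        rule = states.get(flow)       # a state hit skips the ruleset entirely
        if rule is None:
            for r in rules:
                if r.direction == direction:
                    rule = r          # last matching rule wins...
                    if r.quick:
                        break         # ...unless a quick rule ends evaluation
            if rule is not None and rule.keep_state:
                states[flow] = rule   # later packets of this flow reuse it
        if rule is not None and rule.dup_to:
            mirrored += 1
    return mirrored

# Constructed traffic: flow A is an incoming connection, flow B an outgoing one.
PACKETS = [("A", "in"), ("A", "out"), ("A", "in"),
           ("B", "out"), ("B", "in"), ("B", "out")]

# The ruleset from the reply: dup-to rule first, stateful rules after it.
AS_POSTED = [Rule("in", dup_to=True),
             Rule("out", keep_state=True),
             Rule("in", keep_state=True)]

# The suggested change: dup-to moved onto the stateful rules themselves.
DUP_ON_STATE_RULES = [Rule("out", keep_state=True, dup_to=True),
                      Rule("in", keep_state=True, dup_to=True)]

# The earlier question in the thread: a quick rule ahead of the dup-to rule.
QUICK_BEFORE = [Rule("in", quick=True), Rule("in", dup_to=True)]

if __name__ == "__main__":
    for name, rs in [("as posted", AS_POSTED),
                     ("dup-to on state rules", DUP_ON_STATE_RULES),
                     ("quick rule first", QUICK_BEFORE)]:
        print(f"{name}: {run(rs, PACKETS)} of {len(PACKETS)} packets duplicated")
```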
