On Fri, Mar 07, 2003 at 05:22:23PM -0500, Peter Gorsuch wrote:

> Connections to port 12002 occur between net2 and net3,
> which should only allow port 42.

Show us the state entry (from pfctl -vvss output) that passes the connection, then the corresponding rule (pfctl -vvsr, for the rule number in the state entry).

I don't see which rule would allow the connection. Make sure you have pf enabled (pfctl -si must say 'Enabled') and you've actually loaded the ruleset (check pfctl -sr output).

Daniel
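
Added example, not part of the original message: a shell sketch of the lookup described in the reply, taking the rule number from a state entry and finding the matching `@N` rule. The function names are hypothetical, and the sample `pfctl` output (addresses, interfaces, counters, rules) is constructed and assumes the `rule N` and `@N` markers that `-vv` prints.

```shell
#!/bin/sh
# Constructed sample of `pfctl -vvss` output (all values made up).
SAMPLE_STATES='tcp 10.2.0.5:42 <- 10.3.0.9:40112       ESTABLISHED:ESTABLISHED
   [1000 + 65535]  [2000 + 65535]
   age 00:01:10, expires in 23:59:01, 12 pkts, 900 bytes, rule 3
tcp 10.2.0.5:12002 <- 10.3.0.9:40250       ESTABLISHED:ESTABLISHED
   [3000 + 65535]  [4000 + 65535]
   age 00:00:20, expires in 23:59:45, 8 pkts, 640 bytes, rule 1'

# Constructed sample of `pfctl -vvsr` output; "@N" is the rule number.
SAMPLE_RULES='@0 block drop in all
@1 pass in on fxp1 inet proto tcp from any to any keep state
@2 block drop in on fxp2 all
@3 pass in on fxp2 inet proto tcp from any to any port = 42 keep state'

# stdin = `pfctl -si` output; succeeds only if pf reports itself enabled.
pf_enabled() { grep -q '^Status: Enabled'; }

# $1 = port, stdin = `pfctl -vvss` output.
# Prints the rule number of every state with an endpoint on that port.
state_rules_for_port() {
    awk -v port="$1" '
        /^[^ \t]/ {                       # unindented line starts a new state
            hit = 0; n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] ~ (":" port "$")) hit = 1
        }
        hit && match($0, /rule [0-9]+/) { print substr($0, RSTART + 5, RLENGTH - 5) }
    ' | sort -un
}

# $1 = rule number, stdin = `pfctl -vvsr` output. Prints that rule's text.
rule_by_number() {
    awk -v tag="@$1" '$1 == tag { sub(/^@[0-9]+ /, ""); print }'
}

# $1 = port, $2 = states text, $3 = rules text.
explain_port() {
    for n in $(printf '%s\n' "$2" | state_rules_for_port "$1"); do
        printf 'port %s: state created by rule %s: %s\n' "$1" "$n" \
            "$(printf '%s\n' "$3" | rule_by_number "$n")"
    done
}

# On a live system: explain_port 12002 "$(pfctl -vvss)" "$(pfctl -vvsr)"
explain_port 12002 "$SAMPLE_STATES" "$SAMPLE_RULES"
```

In the constructed data the port 12002 state points at rule 1, a `pass ... keep state` rule with no port restriction, while the port 42 state points at the intended rule 3.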