> Yes, thank you. I also still mean that pf(4) should not care about > packets going 'out' of an interface, only in, but let's kill this > thread.
Again: traffic can originate on the firewall box. Since this traffic never passes inbound on an interface, filtering MUST be done on the outbound direction. (ie - transparent proxies). -kj
