alex wilkinson wrote:
pass in log quick on tun0 proto tcp from any port = www to any keep state
pass in log quick on tun0 proto tcp from any port = https to any keep state
Well, that seems proper. However, this is just a guessing game since you're not posting your entire ruleset :-/
Somewhere in your ruleset (specifically, rule #1 as per the pflog output) return packets coming in on tun0 are being dropped. That's why your stuff isn't working, not because of the flags you're matching on.
.joel
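The diagnosis in the reply above rests on reading the rule number out of the pflog output. As an added example (not part of the original thread), this sketch counts blocked reply packets per rule number. The sample lines are constructed in the style of `tcpdump -n -e -ttt -r /var/log/pflog`, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, not from the thread).
SAMPLE = """\
Feb 16 19:11:12.447613 rule 1/0(match): block in on tun0: 192.0.2.80.80 > 198.51.100.7.40112: S 1:1(0) ack 2 win 5840
Feb 16 19:11:13.102210 rule 1/0(match): block in on tun0: 192.0.2.80.443 > 198.51.100.7.40113: S 1:1(0) ack 2 win 5840
Feb 16 19:11:13.500001 rule 4/0(match): pass out on tun0: 198.51.100.7.40112 > 192.0.2.80.80: S 1:1(0) win 16384
Feb 16 19:11:14.000321 rule 1/0(match): block in on tun0: 203.0.113.9.51000 > 198.51.100.7.22: S 1:1(0) win 65535
Feb 16 19:11:15.778899 rule 2/0(match): block in on fxp0: 10.0.0.5.137 > 10.0.0.255.137: udp 50
"""

# rule number, action, direction, interface, then "addr.port > addr.port:"
LINE = re.compile(
    r"rule (?P<rule>\d+)\S*:? (?P<action>pass|block) (?P<dir>in|out) on (?P<ifc>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

def parse(text):
    """Yield one dict per recognised pflog line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("rule", "sport", "dport"):
                rec[key] = int(rec[key])
            yield rec

def reply_drops(text, ifc, server_ports):
    """Count blocked inbound packets on `ifc` whose source port is a server
    port (replies to connections opened from inside), keyed by rule number."""
    hits = Counter()
    for r in parse(text):
        if (r["action"], r["dir"], r["ifc"]) == ("block", "in", ifc) \
                and r["sport"] in server_ports:
            hits[r["rule"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for rule, n in sorted(reply_drops(SAMPLE, "tun0", {80, 443}).items()):
        print(f"rule {rule}: {n} blocked reply packet(s) on tun0")
```

The rule number reported here corresponds to the `@N` prefix shown by `pfctl -vvsr`, which identifies the rule that needs attention.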