I have a device group (green) of vlan8 and its parent em0, a table
<intra_nets> with the nets of both devices, and the following rules:
----------------
pass in on green from <intra_nets> to <intra_nets> \
tag GREEN_GREEN $tcp_options
...
pass out quick on green tagged GREEN_GREEN $tcp_options
----------------
Why are packets between vlan8:network and em0:network blocked?
The tagging seems to work, because a label counter on the 2nd rule
shows that it's inspected.
Pings with their own pass rule
pass quick inet proto icmp all icmp-type echoreq keep state
are not blocked.
Other traffic to/from those 2 nets flows as expected.
Axel
---
axel....@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @
chaos claudius