Len Conrad wrote:
>
> pass in quick on $ext_if inet proto tcp from any to $ext_if port smtp keep
> state
Be aware that there is an implied "flags S/SA" added to your rule, so it
only matched initial SYN packets.
> and the last rule is:
>
> block in log on $ext_if from any to $ext_if, which lo
pf doing host security
not a whole of rules, and all is working well.
an early rule is:
pass in quick on $ext_if inet proto tcp from any to $ext_if port smtp keep state
and the last rule is:
block in log on $ext_if from any to $ext_if, which logs as:
rule 33/0(match)
in spite of the pass i