Ah, this must be the case. Thanks.
On Mon, Jul 29, 2002 at 08:45:13AM +0200, Daniel Hartmeier wrote:
> On Sun, Jul 28, 2002 at 10:49:44PM -0700, mike schiffman wrote:
>
> > pass out proto tcp from any to any flags S/SA keep state
>
> Try
>
> pass out fr
Forgive me if this is already known, but apparently pf drops certain outgoing
IP packets built using the raw socket interface. I've traced it to ip_output.c
where two pf_test() calls are made -- I'm not sure which one results in the
drop, but both of them return EHOSTUNREACH (No route to host).
