Matt Morrow <[email protected]> writes:

> Sweet, thanks much! Keep state resolved it.

Good to hear you found the solution. The solution does however amplify my earlier point about upgrading to a newer release, if only to make it easier for people you ask for help: 'keep state' has been the default behavior since 4.1 (the sensible default), and it sometimes takes a while to remember that far back. On a modern system, the rule set

    internal = iwn0
    external = re0
    pass in quick on $internal
    pass out quick log on $external

actually loads as (pfctl -vf)

    internal = "iwn0"
    external = "re0"
    pass in quick on iwn0 all flags S/SA
    pass out log quick on re0 all flags S/SA

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

