On Wed, Jul 30, 2003 at 11:58:32PM +0200, Mark Bojara wrote: > block out on vlan1 from any to 196.34.165.210 > pass out on vlan1 proto tcp from any to 196.34.165.210 port 22 > pass out on fxp0 from 196.34.165.210 to any keep state
I'm not entirely sure, but the assumption that the same packet will be filtered both on the real and the vlan interface (in both directions) might just be wrong. When you use just this ruleset pass log all and ping through the vlan interface, do you see the echo requests and replies getting logged on both interfaces? Daniel
