Greg Donald wrote:
# ipfstat -io
Where in the ipfstat output is ident or 113? Seems like the rules where never reloaded? The line... block in quick on dc0 from 10.0.0.0/8 to any ...is before the line pass in quick on dc0 proto tcp from any to any port = 113 flags S keep state Remember that NAT happens before filtering.Either remove the quick keyword from the "block in" line or put the "pass in" before.
Just my 2 cents Best Regards, Johan
