hi
you only tag the package to port 1194 in both case and you are allowing only
tagged packaged to ports 22, 80, 443
David
2005/11/11, Karl-Heinz Wild <[EMAIL PROTECTED]>:
>
> I try to tag a connection on the wan_if and
> accordingly on the tag I'll restrict the
> access on an other interface like.
>
> an example ...
>
> pass in quick on wan_if proto tcp from <nuser> to port 1194 tag NORM
> keep state
> pass in quick on wan_if proto tcp from <puser> to port 1194 tag POWER
> keep state
>
> pass in quick on tun_if to port { 80, 443 } tagged NORM keep state
> pass in quick on tun_if to port { 22, 80, 443 } tagged POWER keep state
>
> ...
>
> but I don't know why. It doesn't work.
> I thought that works.
>
> I ask for advice.
> Thanks
>
> Karl-Heinz
