On 2007/07/19 15:38, Gordon Ross wrote:
> Cutting down the pf ruleset to the bare minimum, I have:

Might be below the minimum; there's no explicit "pass out". There's an implicit one, but I suspect it might not be keeping state (though the default as of 4.1 is to keep state, I suspect this _may_ apply only to rules configured by pfctl and not implicit ones). And if that's the case it won't permit the return traffic.

I would have a look at http://www.openbsd.org/faq/pf/tagging.html before you start writing much more. I also find the ruleset a lot easier to read when I leave out "keep state" keywords.

