On Fri, May 23, 2008 at 1:37 PM, Stephan Andreas <[EMAIL PROTECTED]> wrote: > Default is block in and out on $ext_if. > Is it a problem with the bridge?
yes, bridges tend to do funny things. in any case add 'log' to your default block rule and check ''tcpdump -n -e -ttt -i pflog0'' (i read it in the official docs BTW) and it should tell you on which interface and which way (in or out) the packet was blocked. i have my external interface and the DMZ interface in the bridge, i'm passing all traffic on dmz interface and do filtering only on external interface. HTH -- For far too long, power has been concentrated in the hands of "root" and his "wheel" oligarchy. We have instituted a dictatorship of the users. All system administration functions will be handled by the People's Committee for Democratically Organizing the System (PC-DOS).
