> whereas, a state should be created by this rule: > pass out quick inet from any to 209.51.181.2
Not sure how this fits together with your second post where you say that you can ping6 from the outside, but depends also on your other rules. What you need to allow is proto 41 (ipv6) between the two tunnel endpoints of your GIF tunnel (between 12.158.188.186 and 209.51.181.2 in your case), and in both directions. For me, with "block in all/pass out all" default rules, a rule like this works fine: pass in on $ext_if proto ipv6 from $server_ip to $my_ip > traffic on gif0 is skipped, but it shouldn't matter Are you sure that you really want this? That way you allow all traffic via IPv6 in, which means no filtering at all for IPv6. So the world can probably access more than you think... Tas.
