on current 20 may ext->gw->int block match in proto tcp to (self) port 23 rdr-to 192.168.2.2 tag PASS pass tagged PASS
-connection established(its bug?) block tag ANYTAG match in proto tcp to (self) port 23 rdr-to 192.168.2.2 tag PASS pass tagged PASS -connection rejected(is absurd, and therefore cant be bug) ps: sorry for english
