On Thu, Dec 05, 2002 at 11:07:26AM -0600, James Nobis wrote:
> #antispoofing
> antispoof log quick for { $IntIF, $ExtIF } inet
>
> antispoof log quick for $ExtIF inet expands to:
> @1 block in log quick on ! xl0 inet from 24.243.208.225/20 to any
> @2 block in log quick inet from 24.243.208.225 to any
it's required to pass on lo0 with antispoof. This is crystal clear
documented in the manpage, though unfortunately that was added after 3.2 was
released.
so just
pass in quick on lo0 all
pass out quick on lo0 all
somewhere far up in your ruleset. before antispoof.
