On Wed, 19 Nov 2003 11:42:15 -0500, Marc Ozon <[EMAIL PROTECTED]> wrote:
> # because it's recommended to filter only on one bridged interface...
> pass in quick on { qe1, qe2 } all (1)
> pass out quick on { qe1, qe2 } all (2)
>
> # for authpf
> block in log on { qe0 } from any to any (3)
Your packets are not physically using the qe0 interface to reach your gateway.
Rule (3) is, probably, irrelevant in this case since packets from qe1 and qe2 and
being routed directly by the kernel network stack. Someone, please, corrects me if I
am wrong..
Tiago
--
Tiago Pierezan Camargo <elessar at matrix.com.br>
(o_.' The boozy penguin says:
//\c{} "VI VI VI The editor of the beast."
V__)_
