On Sun, 17 Oct 2004, Andrey Nepomnyaschih wrote:

> int_if=fxp0
> ext_if=fxp1
>
> block in on $int_if
> pass in on $int_if inet proto tcp from $int_if:network to any flags S/SA keep state
>
> block out on $ext_if
>
> But it doesn't work as pf blocks the packet as it leaves the external
> interface.
State only works on the interface on which it was created. You will need another keep state rule on the external interface allowing packets out.

Oliver.

--
Oliver Humpage
ICT Co-ordinator, Watershed Media Centre -- +44 (0)117 9276444

E-mails received are assumed to be for my attention, to do with as I wish. No responsibility is accepted if communications are sent to me in error. This disclaimer has as much legal status as yours.
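The fix described in the reply, written out as an added example that is not part of the original thread: the quoted ruleset with a second stateful rule on the external interface. It assumes no NAT is in use, so forwarded packets still carry a source address in `$int_if:network` when they leave `$ext_if`; the quoted macro values are this example's style choice.

```conf
# Added example, not from the original thread.
# Assumption: no NAT, so the source address is unchanged on the way out.

int_if = "fxp0"
ext_if = "fxp1"

# Internal interface: default deny inbound, then allow new TCP
# connections from the internal network and create state for them.
block in on $int_if
pass in on $int_if inet proto tcp from $int_if:network to any \
    flags S/SA keep state

# External interface: default deny outbound. The state created by the
# rule above does not cover the packet as it leaves $ext_if, so the
# same traffic needs its own stateful pass rule in the out direction.
# pf uses the last matching rule, so this pass overrides the block
# for matching packets only.
block out on $ext_if
pass out on $ext_if inet proto tcp from $int_if:network to any \
    flags S/SA keep state

# Replies arriving on $ext_if match the state created by the pass out
# rule; when they are forwarded out of $int_if they match the state
# created by the pass in rule, so no extra rules are needed for the
# return path.
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it; once it is loaded, `pfctl -s state` should show one state entry per interface for each forwarded connection.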
