> >>On Jun 6, 2005, at 9:27 AM, Jason Dixon wrote: ..> >>> Try the following rule: > >>> > >>>pass on rl0 keep state
i've a limited experience with a bridge so far, but what about, say: --bridgename.bridge0-- add rl0 add rl1 rule pass in on rl0 tag rl0 rule pass in on rl1 tag rl1 up ---------------------- --pf.conf-- pass out tagged rl0 keep state ----------- which would essentially create a state entry based on the packet leaving rl1. a friend of mine setup a bridge recently, and we had increased success by tagging in on each component iface with a unique tag, and then keeping pf.conf only concerned with tags and not concerned with 'on <iface' anythings. jared - [ openbsd 3.7 GENERIC ( may 29 ) // i386 ]
