From: Daniel Hartmeier <[EMAIL PROTECTED]>

The source address/port translation indicates you're also using NAT. Are you sure the NAT rule matching this connection doesn't have a 'tag xyz' option? It would apply AFTER the 'pass in on fxp0' rule, and overwrite the tag.

Daniel

Thanks Daniel, that indeed turned out to be the case - I can now do what I really wanted to do: tag by userid. I didn't notice the nat tag using pfctl -gsr and had to do pfctl -gsn to see it.