On 2010/10/03 14:24, Peter GILMAN wrote:
>
> Marcus Larsson <[email protected]> wrote:
>
> > On Tue, Sep 21, 2010 at 10:25:11PM -0400, Peter GILMAN wrote:
> >
> > > can anybody see what i'm missing? i'd love to score some points
> > > for openbsd at my job (and i'll fall back to 4.6 if i have to) but
> > > i'd really love to get this working with 4.7. any insight would be
> > > much appreciated.
> >
> > Hi
> >
> > You need to allow the traffic out on em1 (I assume traffic to
> > $dsan01_grp_ip goes out via that interface).
> >
> > pass out on $int_if inet proto tcp from any to $dsan01_grp_ip
> > port 80
>
> no; according to the man page for pf.conf, "if no rule matches the
> packet, the default action is to pass the packet."

this is true, but note that the implicit "pass" rule does _not_ keep state.
