Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016
Prev		Next

Pitfalls: in, out, on

If you write

pass in inet proto tcp on re1 from re1:network to re0:network \
     port $ports keep state

then you also need

pass out inet proto tcp on re0 from re1:network to re0:network \
     port $ports keep state

but do you actually mean

pass inet proto tcp from re1:network to any port $ports keep state