If you only have one block, then the pass rule with tables is not matching. I can't tell why with the information presented here. You may be able to when you watch tcpdump traffic. It's possible your tables do not contain what you intended (you're using the const option), so inspecting table contents with pfctl(8) may be of use also.
I don't know if restarting would make a difference or not. I tend to doubt it, but then I'm not 100% sure. That's because PF on FreeBSD is a fork based on a version of PF in OpenBSD as it existed in 2007, and there has been divergence between the two PFs ever since.
|