5th January 2019
jggimi

Your list of destination ports to pass might be too restrictive. For example:
# WiFi -> LAN
pass in on $WIFI_IF inet proto icmp from $WIFI to $LAN icmp-type $ICMP_TYPE tag WIFI_LAN
pass in on $WIFI_IF inet proto udp  from $WIFI port $PORT_UNPRIV to $LAN port 33433 >< 33626 tag WIFI_LAN
Whether or not this is the problem, if you add the log option to your block rules, you should be able to determine why your desired traffic is not matching your pass rules by using tcpdump(8) with pflog(4).
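One way to read the logged blocks against the quoted UDP rule, as an added example that is not part of the original post: in pf.conf(5) the `><` operator is a range that excludes its boundaries, so `33433 >< 33626` matches destination ports 33434 through 33625 only. The log lines, interface name and addresses below are constructed, and the line layout is assumed to be that of `tcpdump -n -e -ttt -i pflog0`.

```python
import re

# Constructed sample lines (assumed `tcpdump -n -e -ttt -i pflog0` layout).
SAMPLE_PFLOG = """\
Jan 05 10:15:01.100000 rule 0/(match) block in on athn0: 192.168.2.10.40001 > 192.168.1.5.33433: udp 12
Jan 05 10:15:01.200000 rule 0/(match) block in on athn0: 192.168.2.10.40002 > 192.168.1.5.33626: udp 12
Jan 05 10:15:02.300000 rule 0/(match) block in on athn0: 192.168.2.10.40003 > 192.168.1.5.53: udp 30
Jan 05 10:15:03.400000 rule 0/(match) block in on athn0: 192.168.2.10.40004 > 192.168.1.5.33500: udp 12
Jan 05 10:15:04.500000 rule 4/(match) pass in on athn0: 192.168.2.10.40005 > 192.168.1.5.33500: udp 12
"""

LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<iface>\S+): (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<proto>\w+)"
)

def in_pf_exclusive_range(port, low=33433, high=33626):
    """pf 'low >< high': both boundaries are excluded."""
    return low < port < high

def explain_blocks(text):
    """Return (rule, iface, dport, reason) for each logged block with ports.

    Lines without ports (for example ICMP) do not match LINE_RE and are skipped.
    """
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["action"] != "block":
            continue
        dport = int(m["dport"])
        if m["proto"] != "udp":
            reason = "not udp, so the udp pass rule cannot match"
        elif in_pf_exclusive_range(dport):
            reason = "dst port is allowed; check source port, addresses, interface"
        else:
            reason = "dst port outside 33433 >< 33626 (boundaries excluded)"
        findings.append((int(m["rule"]), m["iface"], dport, reason))
    return findings

if __name__ == "__main__":
    for rule, iface, dport, reason in explain_blocks(SAMPLE_PFLOG):
        print(f"rule {rule} on {iface}: dport {dport}: {reason}")
```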