# MACROS
vm_ether = "vic0"
friends = "{ 87.248.113.14, 129.128.5.191, 209.85.175.147 }"
# DEFAULT DENY
block in on $vm_ether all
pass in on $vm_ether from $friends to any
#block out all
I had the filtering rules above and it should block the incoming packets from any IP addresses except from the macros friends but i still able to get ping reply packets other from $friends. Why?