Julian

Thanks for being helpful..

> I've found that using groups makes my ipf rules much easier to create/follow.
> I only do this by interface (you could get more complexx), for example:
>
>   # Internal interface le0, addresses 81.2.110.32/27
>   # Default inbound is block and log everything
>   block return-icmp(filter-prohib) in log level local6.info on le0 from any to any head 110
>
>   # Allow any connections from our addresses
>   pass in quick from 81.2.110.32/27 to any keep state group 110



I'll have a look at this and think about it.  Looks as though your
understanding of IPF is something like my own understanding of
iptables.

Thanks



Richard