Thank you for the insight. This mean for me I can't use this approach for
the router itself because the IP is dynamic.

Torsten

On Tue, 14 Sep 2004, Laine Stump wrote:

> At 08:04 AM 9/14/2004, Torsten Sadowski wrote:
> >and I would expect these rules to allow my router access but unfortunately
> >they don't.
> >pass out        quick   on ippp0 proto tcp/udp  from 127.0.0.1/32 to any
> >keep state
> >pass out        quick   on ippp0 proto icmp     from 127.0.0.1/32 to any
> >keep state
>
> Packets sourced from your router will not have 127.0.0.1 as their source
> address if their destination is somewhere other than the router itself.
> They will have the address of the router's external interface.
>
> So you will never see packets with source (or destination) of 127.0.0.1 on
> ippp0, only on lo0.
>
>
>