> You could also replace the above with "pass in on $lab02 received-on $lab01".
Oh, I completely missed the 'received-on' statement in the OpenBSD pf.conf man page! (I have to support a pfSense for the moment so I'm alternating between the OpenBSD and FreeBSD man pages [the latter does not support 'received-on']). It looks like 'received-on' would be a cleaner and shorter way to achieve my goal by allowing me to specify inbound and outbound interfaces in the same rule. Thanks!

-Martin