Steve Welham wrote:
The block policy only applies to the "block" rule. In this case the icmp unreachable is matching state since it is corresponding icmp traffic as noted in the PF FAQ http://www.openbsd.org/faq/pf/filter.html#state
That indeed makes a lot of sense :) Thank you both for your time ! -- Joris Van Herzele "Brad Pitt + Albert Einstein = Dick Cheney" - The Simpsons EABF09
