RE: LOCAL HOSTS DON'T...

You can use the "user" or "group" criteria to identify the facility/service (daemon) and tag their packets accordingly.

#
pass in inet proto tcp from any to any port 80 \
    user <FacilityDaemonID> tag MYTAG \
    keep state
...
pass out ... tagged MYTAG
#

You may be able to further refine the any/any criteria.

-----Original Message-----
From: Stefan Schulze Frielinghaus <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: pf tag/tagging and packages from localhost
Date: Sat, 23 Feb 2008 19:59:54 +0100
Mailer: Evolution 2.12.3 (2.12.3-1.fc8)
Delivered-To: [EMAIL PROTECTED]

But that rule gives me a headache. I can't use "tagged" (or at least I don't know how to do it) because packets from localhost don't run through an input chain and I can't tag them.