> This seems to work. I can ping both my external IPs. The question is, > would I have to do something like this for every rule I have? > > [root@lan-gw-001 etc]# grep -v ^# pf.conf | wc -l > 131 not unless you have 131 pass rules. -kj