<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 2/04/2020 5:39 AM, Larry Moore
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:eef52149-7a89-4ff3-da95-e415419a921c@starwon.com.au">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <div class="moz-cite-prefix">On 2/04/2020 5:28 AM, Mark Boyce
        wrote:<br>
      </div>
      <blockquote type="cite"
        cite="mid:27B99609-B184-4EE8-AF6C-139F42B14787@darkorigins.com">
        <meta http-equiv="Content-Type" content="text/html;
          charset=utf-8">
        On 1 Apr 2020, at 22:14, Greg Troxel &lt;<a
          href="mailto:gdt@lexort.com" class="" moz-do-not-send="true">gdt@lexort.com</a>&gt;
        wrote:<br class="">
        <div>
          <blockquote type="cite" class=""><br
              class="Apple-interchange-newline">
            <div class=""><span style="font-size: 10px; font-style:
                normal; font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline !
                important;" class="">I think you need to use </span><span
                style="font-size: 10px; font-style: normal;
                font-variant-caps: normal; font-weight: normal;
                letter-spacing: normal; text-align: start; text-indent:
                0px; text-transform: none; white-space: normal;
                word-spacing: 0px; -webkit-text-stroke-width: 0px;
                text-decoration: none; float: none; display: inline !
                important;" class="">tcpdump and turn up firewall
                debugging.</span></div>
          </blockquote>
        </div>
        <div class=""><br class="">
        </div>
        sngrep is your friend … My bet is UDP vs TCP on firewall rules
        :-)
        <div class=""><br class="">
          <div class="">
            <div style="color: rgb(0, 0, 0); letter-spacing: normal;
              text-align: start; text-indent: 0px; text-transform: none;
              white-space: normal; word-spacing: 0px;
              -webkit-text-stroke-width: 0px; word-wrap: break-word;
              -webkit-nbsp-mode: space; line-break: after-white-space;"
              class="">
              <div class="">
                <div style="orphans: 2; widows: 2;" class="">Mark</div>
              </div>
            </div>
          </div>
        </div>
      </blockquote>
      <br>
      Or the stateful entry still exists when the table entry is
      updated.<br>
      <br>
      Does your script also issue a command to kill existing states from
      that host after it has updated the table, e.g.  pfctl -k
      45.143.220.235<br>
      <br>
      Larry.<br>
      <br>
    </blockquote>
    <br>
    Hmm, missed that in your original post. Could 'pfctl -K' be of help?
    I would suggest either removing 'quick' from your 'pass' rule or
    placing that line after the 'block' rules.<br>
    <br>
    Larry.<br>
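    <br>
    The suggestions in this thread (update the table, then clear what is already established with pfctl -k and pfctl -K) combined into one blocking routine, as an added example that is not part of the original messages. The table name "blocklist", the PFCTL and TABLE override variables and the function names are assumptions; only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example: block a host in a pf table and clear what pf already tracks.
# Assumptions: the table is called "blocklist"; PFCTL can be overridden for
# dry runs or tests.
PFCTL="${PFCTL:-pfctl}"
TABLE="${TABLE:-blocklist}"

# Accept only a dotted-quad IPv4 address so that nothing else from a log
# line or script argument ever reaches the pfctl command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Adding an address to the table only affects new connections. An existing
# state keeps passing packets without the ruleset being evaluated again,
# so the states have to be removed explicitly after the table update.
block_host() {
    host=$1
    is_ipv4 "$host" || return 2

    # 1. New connections: put the address in the table the block rule uses.
    $PFCTL -t "$TABLE" -T add "$host" || return 1
    # 2. Established connections opened by the host.
    $PFCTL -k "$host" || return 1
    # 3. Established connections opened towards the host.
    $PFCTL -k 0.0.0.0/0 -k "$host" || return 1
    # 4. Source-tracking entries created for the host.
    $PFCTL -K "$host" || return 1
}
```

    Killing states only helps if the next packet from the host then reaches the block rule, which is why the rule order and the 'quick' keyword on the pass rule matter as well.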
  </body>
</html>