On 10/13/2013 6:02 PM, Rob Fraser wrote: > would this work ? > > block in on lo0 from lo0 to lo0 > block out on lo0 from lo0 to lo0 That reduces to "block on lo0", which you almost certainly do not want on a running system. :)