pfSense

I have an interface group "WANs" containing two WANs, em1 and em2. This is correct.

# ifconfig -g WANs
em1
em2

One rule on that interface group.

pass  in  quick  on $WANs  from   204.x.x.x to any keep state  label "USER_RULE: testing" 

Works fine on em2, but em1 still blocks all traffic from the specified source. Something not working there.

Jul 20 00:44:29 fw1 pf: 00:00:00.972925 rule 1/0(match): block in on em1: (tos 0x0, ttl 52, id 46106, offset 0, flags [none], proto ICMP (1), length 84)
Jul 20 00:44:29 fw1 pf:     204.x.x.x.x > 96.x.x.x.x: ICMP echo request, id 36356, seq 21, length 64