How about this? Btw. default options can be left out, makes the rules even simpler to write...
Since you are "scrubbing" everything the same way, try too keep it simple, not sure if just "scrub" would work too, but try it. If not, "scrub in" and "scrub out" will work. "fragment reassemble" is default value so no need to specify it. "all" is default value too... Simple NATing example: ext_if="vr0" scrub nat on $ext_if from !($ext_if) to any -> ($ext_if) pass in log pass out log That NAT rule works for me. If thats not the complete pf.conf it would help to see the whole.
