I also forgot to mention:

You should probably log your block rule so that you can see what's going on if 
things don't work as expected.

So:

block in log on $ext_if

Note the lack of "quick" as well, as previously mentioned.

With logging enabled, provided you have pflog running (which you should), you 
can use the following to see what's being blocked.

tcpdump -n -e -ttt -i pflog0  (provided pflog0 is your pflog interface).

Regards,

Mike

Attachment: PGP.sig
Description: PGP signature

Reply via email to