Thank you for your replies so far.

Interestingly enough, killing off stateful filtering seems to have done the trick.

The router happens to be running BGP along with another couple of OpenBSD boxes also running BGP.


After much extensive digging, I eventually found this little paragraph from Claudio Jeker hiding deep in the internet...


"I generally do not filter on core routers because of the asymmetric routing. Stateless filtering works OK to block the martians and other unwanted traffic at the border but keep the ruleset as minimal as possible."  Claudio Jeker  Sat, 30 Jan 2010 05:01:26 -0800

So thank you Claudio! :)


Perhaps I can humbly suggest that the powers that be consider adding this sort of useful information to the FAQ or docs, because it would have saved me many, many hours of frustration and confusion. At the moment, the FAQ and docs are written from the point of view of a single-homed stub system with a simple default route to an ISP router. It would be nice to see more consideration for more advanced applications of OpenBSD where stateful filtering might not be such a Good Thing (TM) as the docs and FAQ make it out to be.


Also, while I've got your attention. There's not much information at all as to the benefits/disadvantages of using sloppy states vs no states.
