thanks Rmkml I also started to debug with clasicall method , checking out the rule options which i have put with great enthusiasm to do the job as it must be done :(
queue is must, bandwith is also. scrube didnot change anything , modulate is not for inbound rules But i had to disable S/SA flags :( problem may be solved, i dont distinguish who is comming in any more :) as the nature of PF, S/SA is right thing to do. but in man pages , I had noticed it may break some connections for specific os plaoform and connection types. like sne hosts send Tcp RST for begginning of comminication. The problem is seemed to be solved now thank yo when i enable S/SA, i get blocks with "bad cksum 0! "
