> The rule in pf is that the last pass/block match wins, unless you
> say otherwise with "quick". 

Indeed. It's something that is too easy to forget when you try things.
I had it right before, but got the order of the lines wrong as part
of trying to get it to work. Thanks for the correction.

I feel less stupid now, as it turns out I had gotten it right
after all (in an earlier version of the config), the problem
seems to lie with either my ADSL modem or my ISP dropping
packets to port 80 - connections to port 8080 (or anything
except 80) works OK. Sounds like a broken web cache...


