You have a default policy of block log all so as far as I can see you don't need any additional blocking rules.
You can verify this by running tcpdump on the pflog0 device and then for example do a ping from a a host on the INT1 net to one on the INT2 network.. The ping attempt should be blocked and show up in the tcpdump output.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|