Hello again.
I have tried to make sense of your configuration file and your log output. I have failed. There are too many odd macros, the tcpdump log is too sparse, it is unclear what IP addresses are the routers, and the pass definitions are so complex I cannot tell what is intended to be passed.
I can confirm that rule #2 is your block all rule. I assume that you are matching this rule because the traffic does not match any of the pass rules.
You don't appear to have rules for passing port 6009 or port 135. But you might. I just can't tell. The file is too hard for me to read.