[jggimi]

1. Log both your pass rules as well as your block rules.
2. # tcpdump -neti pflog0 host ip.address.of.interest
   
   You will see block/pass rules applied to initial state packets for that IP address. If PF rules do not seem to point to a problem source, then use tcpdump(8) on the NIC:
3. # tcpdump -neti nic host ip.address.of.interest