I don't understand why you don't use the rules I proposed in one of the first posts and add the one for the firewall-initiated traffic.
Code:
block log (all)
pass out quick on $ext_if tagged OUT_OK
pass out on $ext_if from ($ext_if) to any modulate state tag OUT_OK
pass in quick on $int_if inet proto tcp to any port $TCP_services tag OUT_OK
pass in quick on $int_if inet proto udp to any port $UDP_services tag OUT_OK
The advantage of having a block log (all) rule is debugging. All packets that are being blocked by pf will show up on the pflog0 device. You can watch these packets by running tcpdump on this device:
Code:
# tcpdump -eni pflog0
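The same ruleset written out as a complete /etc/pf.conf, so the tagging flow can be read top to bottom. This is an added example, not the poster's own file or anything from the pf user guide; the interface names and the service lists are assumptions and have to be adjusted for your box.

```pf
# /etc/pf.conf -- added example built around the rules quoted in the post
# above. Interface names and service lists are assumptions; adjust them.
ext_if = "em0"
int_if = "em1"
TCP_services = "{ 22, 53, 80, 443 }"
UDP_services = "{ 53, 123 }"

# Do not filter loopback traffic at all.
set skip on lo0

# Default deny. "log (all)" sends every blocked packet to pflog0,
# which is what makes the ruleset easy to debug with tcpdump.
block log (all)

# Anything that was tagged OUT_OK by an earlier rule may leave at once.
pass out quick on $ext_if tagged OUT_OK

# Traffic the firewall itself originates (source address of $ext_if).
# The parentheses make pf re-read the address if it changes (DHCP).
# "modulate state" also rewrites the TCP initial sequence numbers.
pass out on $ext_if from ($ext_if) to any modulate state tag OUT_OK

# LAN clients may reach the listed services anywhere. The tag is stored
# with the state, so the outbound leg on $ext_if matches the "tagged"
# rule above and the replies come back through the state.
pass in quick on $int_if inet proto tcp to any port $TCP_services tag OUT_OK
pass in quick on $int_if inet proto udp to any port $UDP_services tag OUT_OK
```

Check the syntax first with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf`. While testing, `tcpdump -eni pflog0` shows every packet the block rule caught; `pfctl -vvsr` prints the rules with the same rule numbers that appear in the pflog output, which tells you which rule did the blocking. If the LAN uses private addresses you still need a nat rule for $ext_if, and that is one of the places where FreeBSD's pf syntax lags behind the OpenBSD user guide.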
Re: examples of OpenBSD pf user guide
If you are not running OpenBSD you have to be careful when using the examples from the pf user guide. That guide is up to date for OpenBSD only.
It usually takes some time before the newest pf features available for OpenBSD have been migrated/ported to FreeBSD.
That is why I am a little bit conservative in recommending the latest and greatest pf features to you.