What happens when your configuration does not behave as you expected it to? It is possible there is an error in the rule set's logic, and if so you need to find the error and correct it. Tracking down logic errors in your rule set can be time consuming and could involve manually evaluating your rule set, both as it is stored in the pf.conf file and the loaded version after macro expansions and any optimizations.

Before diving into the rule set itself, you can easily determine whether the PF configuration is what is causing the problem. Disabling PF by running the command pfctl -d to see if the problem disappears is a valid test that can save you a lot of trouble.

On the mailing lists, news groups, and other forums, we frequently ...