Your pf.conf is very similar to mine. Perhaps it comes from small office different

> > # increase default state limit from 10'000 states on busy systems
> > #set limit states 100000

Mine:

ext_if="urtwn0"
int_if="bge0"
tcp_services="{ 22, 80 }"
icmp_types="echoreq"

set block-policy return
set loginterface $ext_if
set skip on lo

match out on $ext_if inet from !($ext_if:network) to any nat-to ($ext_if:0)

set reassemble yes no-df

block in log
pass out quick

antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ( $ext_if:0 ) port $tcp_services
pass in inet proto icmp all icmp-type $icmp_types
pass in on $int_if

---
regards