I don't actually have any other rules at all after it, that was the
last rule and I haven't have quick anywhere...
I am keeping things as simple as possible and get things up and
running first, then I am tightening everything up.
Here's the whole of my pf.conf:
nat_if = "pppoe0"
www_if = "pppoe1"
set skip on {lo rl0}
match out on $nat_if inet from <users> nat-to ($nat_if:0)
pass # to establish keep-state
pass in log on $www_if \
inet proto {tcp udp} \
reply-to ($www_if $www_if)
# By default, do not permit remote connections to X11
#block in on ! lo0 proto tcp to port 6000:6010
