A valid point. When fwbuilder was recommended to me, the recommendation really didn't make clear just how great a degree of overkill fwbuilder was for what I wanted to do, and -- mea culpa -- I didn't read through the whole site before I started installing it. All I wanted was something to do a sanity check for me just to make sure I hadn't done something really stupid in my pf rules.
(Incidentally, it turns out my error was in telling pf that the real external interface, ppp0, was ext_if instead of tun0. I now have it at least partly working, but I'm not out of the woods yet -- my nat rule is working, so I can originate connections from inside the firewall, but my rdr rules aren't, so I can't originate connections from outside.)