Mar 17, '06 05:32:00AM • Contributed by: patsch
Only after commenting out all lines in /etc/pf.conf using the scrub directive could we then log in to our .Mac accounts via the web interface, and still do system updates. So the short version of this hint would be: if you want to use OpenBSD as a firewall in front of Macs, don't activate scrubbing in pf.conf at all -- make sure all lines starting with scrub are commented out. This, of course, is against what the pf FAQ recommends on the above-linked page:
    ...scrubbing all packets is highly recommended practice.

So maybe our security at the packet level has been diminished a little bit, but at least we can use Software Update on the Macs, and access www.mac.com sites.
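
The step described above, as an added example that is not part of the original hint: a small shell script that counts the active scrub rules in a pf.conf and writes a copy with each of them commented out. The function names and the sample ruleset are constructed for illustration, and the script assumes each scrub rule sits on a single line.

```shell
#!/bin/sh
# Added example, not from the original hint. Assumes one rule per line.
# A line is an active scrub rule if its first token is "scrub" (indentation allowed).
SCRUB_RE='^[[:space:]]*scrub([[:space:]]|$)'

# Print how many active (uncommented) scrub rules the file contains.
active_scrub_count() {
    # grep exits 1 when nothing matches; treat that as success, keep real errors.
    grep -cE "$SCRUB_RE" "$1" || [ $? -eq 1 ]
}

# Write a copy of $1 to $2 with every active scrub rule commented out.
# Indentation is kept; lines that are already comments are left alone.
disable_scrub() {
    sed -E 's/^([[:space:]]*)(scrub([[:space:]]|$).*)/\1# \2/' "$1" > "$2"
}

# Constructed sample ruleset (not taken from the hint).
write_sample() {
    cat > "$1" <<'EOF'
ext_if = "em0"
set skip on lo
scrub in all
  scrub out on $ext_if all random-id
# scrub in all fragment reassemble
pass out keep state
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir/pf.conf"
    echo "active scrub rules before: $(active_scrub_count "$dir/pf.conf")"
    disable_scrub "$dir/pf.conf" "$dir/pf.conf.noscrub"
    echo "active scrub rules after:  $(active_scrub_count "$dir/pf.conf.noscrub")"
    diff "$dir/pf.conf" "$dir/pf.conf.noscrub" || true   # show what changed
    rm -rf "$dir"
    # On the firewall, check the edited file with "pfctl -nf <file>" (parse only)
    # before loading it with "pfctl -f <file>".
}
demo
```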
