We're using OpenBSD 3.7 as a firewall (running pf) and NAT gateway in front of a LAN with some Macs. Everything worked fine, even access to Apple's System Update servers (after applying this hint.) Everything, that is, except the web access to the .Mac services. For instance, webmail.mac.com would show up only halfway and then stall.
Only after commenting out all lines in /etc/pf.conf using the scrub directive could we then login to our .Mac accounts via the web interface, and still do system updates. So the short version of this hint would be: if you want to use the OpenBSD as a firewall in front of Macs, don't activate scrubbing in pf.conf at all -- make sure all lines starting with scrub are commented out. This, of course, is against what the pf FAQ recommends on the above-linked page:
...scrubbing all packets is highly recommended practice.So maybe our security at the packet level has been diminished a little bit, but at least we can use Software Update on the Macs, and access www.mac.com sites.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20060313060515201