Finally, the solution has been the next rule:
pass quick on $bridge inet proto {tcp, udp } from any to
$webserver \ port { 80, 443 } keep state (tcp.finwait 3, tcp.closed
5) \
allow-opts
I tend to think that the real guilty are the routers with Window$ TCP/IP
based stack from this particular ISP (the rare behavior only happens
with one particular ISP connections clients)
Two conclusion about it:
- What amount of shit devices there are out there in common ISPs! It's
the second case I suffer these kinds of problems because of the poor
TCP/IP implementation of the self-called "corporate routers".
- What powerful PF is!
--
Thanks,
Jordi Espasa Clofent
