I guess what you want would be a 'route-replies-to' option, similar to
'route-to', but applying to packets that flow in the reverse direction
as the initial packet of the connection that created state.
Then you could just say
rdr on de0 inet proto tcp from any to 195.200.200.201 port http \
-> 192.168.0.100 port http
pass in quick on de0 route-replies-to de0 inet proto tcp \
from any to 192.168.0.100 port http
The replies from the web server to the client would go to the interface
with the default gateway (tun0, when it's active), but pf would then
find the state and the rule that created it, and re-route the packet out
through de0.
I'm not sure this is a common enough case to warrant the extention, but
it kind of makes sense to me. Any opinions? :)
Daniel
