Subject: ipfilter
To: None <netbsd-help@NetBSD.ORG>
From: Patrick Welche <prlw1@cam.ac.uk>
List: netbsd-help
Date: 11/08/1997 18:41:14

My highly selective and specialised rules :) are:

% ipfstat -io
pass out on lo0 from any to any
pass out on ne0 from any to any
pass out on ne1 from any to any
log out on ne0 from any to any
pass in on lo0 from any to any
pass in on ne0 from any to any
pass in on ne1 from any to any
log in on ne0 from any to any

and I included the following options in my kernel:

options	IPFILTER
options	IPFILTER_LOG
options	IPFILTER_DEFAULT_BLOCK

Network interfaces and routes come up correctly. If I disable ipf with
-D I can ping/ftp etc. from that machine out, but not when it is
enabled. Then I get "no route to host". DEFAULT_BLOCK stops any
packets that don't match the rules, but I don't see what they might
be.

Can anyone shed some light on this?

Cheers,

 Patrick