Subject: Re: pf doesn't start normally anymore
To: Mipam <mipam@ibb.net>
From: Nino Dehne <ndehne@gmail.com>
List: tech-security
Date: 08/11/2005 16:09:37
Hi,
Mipam wrote:
> If the rule I'm using actually is wrong, could you please give me a hint
> what is wrong about it?
> line number 36: pass in on $ext_if inet proto tcp from any \
> line number 37: to $ext_if port 55000 >< 57000 user proxy \
> line number 38: flags S/SA keep state
In the new rc.d/pf:
> # BEFORE: network
My guess is the following:
Your line 37 says "to $ext_if" which means "the address of interface
$ext_if". Since networking is not up at that point, the interface most
likely doesn't have an address yet or worse, doesn't even exist yet.
Regards,
ND
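
The load-time address lookup described in the reply above, shown as a pf.conf fragment. This is an added example, not part of the original message; the interface name "fxp0" is an assumption, and the rule is the one quoted in the thread.

```conf
# Constructed example; "fxp0" is an assumed interface name.
ext_if = "fxp0"

# As posted: "to $ext_if" is replaced by the interface's address(es)
# once, at the moment the ruleset is loaded. If pf is loaded before
# the network is configured, there is no address to substitute.
#
# pass in on $ext_if inet proto tcp from any \
#     to $ext_if port 55000 >< 57000 user proxy \
#     flags S/SA keep state

# With the interface name in parentheses, pf treats the address as
# dynamic and updates the rule whenever the interface's address
# changes, so the address does not have to be present at load time.
pass in on $ext_if inet proto tcp from any \
    to ($ext_if) port 55000 >< 57000 user proxy \
    flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -sr` lists the loaded rules so you can confirm what destination the rule ended up with.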