Configuring PF

[chip]

> quickly see what's up.  When PF is disabled, I can nmap it in about 9
> seconds.  When I turn it on, it takes over 3 minutes to do.  These
> machines are on the same network, so the connection is obviously fast.

I believe this is becuase nmap is having to wait on the connections to
time out.  If you tell PF to 'reject' instead of 'drop' it may go a
bit faster.

-- 
Just my $.02, your mileage may vary,  batteries not included, etc....