IPFW stateful firewall ruleset - some sites or applications do not work as expected

From: Dries Michiels <driesm_at_freebsd.org>
Date: Sat, 02 Nov 2024 15:30:48 UTC
Hello,

So I have a very basic ruleset, as described in the FreeBSD handbook, see
below. I have "blurred" my open ports as seen in the ruleset below.
Igc0 is my WAN port and in the table "trusted_if" are like my LAN if and
some bridges.

00001 reass ip from any to any in
00010 allow ip from any to any via table(trustedif)
00050 deny log ip from any to any not antispoof in
00100 nat 1 ip4 from any to any in recv igc0
00500 skipto 10000 tcp from any to any out xmit igc0 setup keep-state :default
00501 skipto 10000 udp from any to any out xmit igc0 keep-state :default
05000 allow tcp from any to me *some open ports* in recv igc0 setup keep-state :default
05001 allow udp from any to me *some open ports* in recv igc0 keep-state :default
09998 deny log tcp from any to any
09999 deny log udp from any to any
10000 nat 1 ip4 from any to any out xmit igc0
65535 allow ip from any to any

Now comes the tricky part. There are some applications that don't work
correctly with this ruleset.
For example, itsme (a Belgian application) to identify yourself with a lot of
accounts, does not work.
Recently my banking website also stopped working. So now I'm wondering how
do I start to troubleshoot this issue?
Are there any caveats with this ruleset when redirects are happening for
example? I'm also wondering if Belgian PF users have the same issue?

I'm hopeful to get to the bottom of this as it's quite annoying needing to
switch wifi channels to my ISP's router which does work with these
applications.

Regards
Dries