Firewall cant access internet

pass out on $ext_if1 keep state

Tried this now the firewall has access to the internet, but then all my clients behind the firewall cannot access the internet.

DOH!!

Is there another rule I need to pair with pass out on $ext_if1 keep state ?

pf.conf now looks like

ext_if1 = "vr1"
ext_if2 = "vr2"
int_if = "vr0"
lan_net = "10.20.25.0/24"

set skip on lo0

nat on vr1 from vr0:network to any -> (vr1)
rdr pass on $ext_if1 proto {tcp, udp} from any to any port 3389 -> 10.20.25.25

block in on $ext_if1 all

pass out on $ext_if1 keep state

antispoof quick for { lo $int_if }