> I'll ask a question rather than give you the answer directly ... Ignoring
> PF for a moment, how would broadcast packets (of any variety) get from the
> internal to external interface?
>

I'm not an expert in the inner workings of TCP/IP and the only way for me to
learn is to ask stupid questions that hopefully get read by someone willing
to explain it to me.
To me there is really no difference between the address 255.255.255.255 and
any other address outside my private network. I _know_ 255.255.255.255 _is_
different because someone who designed the TCP/IP-stack decided it would be
and the answer to my question is probably that this special address
therefore _is_ handled differently. But right now, with my limited
knowledge, I can't see why a packet destined to 255.255.255.255 would be
treated any differently by my NATing and forwarding OpenBSD router than any
other package destined for an address on the outside of my external
interface. I _do_ understand that a package destined to 192.168.0.255
ofcourse would stay inside my private network and if _this_ is how netbios
broadcasts, well then I have the answer there.
The only reference I have on this particular matter is from my old Netgear
RT314 router which provided the exact same functions. In this router there
_were_ by default several filters applied which removed incoming and
outgoing netbios requests. This is why I assume I need to block the same
traffic in PF. If this assumption is flawed I would appreciate very much to
learn why and if this is something proprietary to OpenBSD or if my Netgear
router implemented NAT and forwarding in an non-standard way.

Kind regards
PP