Ran into the problem that PF blocks connection sharing and was lucky enough to run across this closed thread: https://www.wilderssecurity.com/threads/resolved-privatefirewall-and-internet-sharing-ics.349447/ I wonder if anyone would have a comment on how much this would lower security to accommodate ICS. Using PF strictly for the firewall controls. The method above works btw, just remember to tick the boxes to activate the rules for desired profiles (not mentioned in the thread)...