Hi!

Does it make sense to create antispoof rule on external device ng0 which is connect to internet (through PPPoE) ?

Any interface with an IP on it can use antispoof.

I use only RFC1918 addresses in my internal network. Most people say that this can't be reached from the internet as it is not routed. But this is not the case with my ISP. They use RFC1918 also in their ISP backbone and theoretical could access my box. Therefore antispoofing makes sense. Of course this could not happen with a strict ruleset... But I don't see any reason to omit antispoofing if it is possible from the network layout.