If I place this in pf.conf:block log
pass out'pfctl -s rules' will say:block drop log all
pass out on xl0 all flags S/SA keep statewhich makes sense.

In my goofing around with pf.conf I arbitrarily decided to only pass ICMP out and constructed:block log
pass out proto icmp all

However, after a pfctl -d and then an -e, 'pfctl -s rules' reports:block drop log all
pass out on xl0 all flags S/SA keep stateNo change! ack.

What am I missing?

You must (re)load your ruleset: pfctl -f /etc/pf.conf.

You must (re)load your ruleset: pfctl -f /etc/pf.conf.nuts. You got a reply in before I could get back to delete my question. lol.

I switched from /etc/rc/pf stop/start to pfctl -d/-e and the PF FAQ at the freaking top, no less .. says after talking about the -d/-e options:to enable and disable, respectively. Note that this just enables or disables PF, it doesn't actually load a ruleset.

I'm trying to ask legit questions instead of spoon-feed me ones ..

*sigh*

:e