Add parentheses around $ext_if IP address in the rules

But not around $int_if, because the user should reload the pf rules if
the IP address of the internal interface changes, and she may need to
modify the configuration of other modules too, such as dhcpd.

config/etc/pf.conf

@@ -102,8 +102,8 @@ pass in log on $int_if proto tcp from $int_net to $int_if port { www, https }
 pass in log on $int_if proto { tcp, udp } from $int_net to $int_if port { domain, bootps }
 
 # UTMFW proxies
-pass out log on $ext_if proto tcp from $ext_if to port $im_ports
-pass in log on $ext_if proto tcp from port $im_ports to $ext_if
+pass out log on $ext_if proto tcp from ($ext_if) to port $im_ports
+pass in log on $ext_if proto tcp from port $im_ports to ($ext_if)
 
 # ping
 pass in log on $int_if proto icmp from $int_net
@@ -117,7 +117,7 @@ pass in log on $int_if proto tcp from $int_net to !$int_if port imaps
 #pass in log on $int_if proto { tcp, udp } from $int_net to port { isakmp, 4500 }
 
 # OpenVPN
-#pass in log on $ext_if proto { tcp, udp } to $ext_if port 1194
+#pass in log on $ext_if proto { tcp, udp } to ($ext_if) port 1194
 #pass log on $openvpn
 
 # File sharing applications