I am tearing my hair out here. Going right back to the basic troubleshooting and not even documenting the end goal...

I have a m0n0 with OPT1 interface which is attached to an ADSL router on a /30. I can ping out of it fine, setting a static route to a host to make sure it goes out of the right interface. I can ping the IP of the ADSL router from other hosts. However, no matter what rules I set up, I always see it blocked in the firewall log.

I have a rule on WAN to let everything pass to OPT1 subnet (as suggested ages ago to get it to work as an IPSEC VPN endpoint). I have used several rules, individually and combined, on OPT1 to let everything through, to let ICMP through the IP of OPT1 and several other attempts. I have moved these rules to the WAN interface where they do exactly as I expect, moving them back to OPT1 has absolutely no effect - any traffic I want to be dealt with on OPT1 is just blocked. I know it's the default rule doing this because when I tell the logs to stop logging stuff blocked by the default rule, they stop appearing...

I already have another m0n0 doing exactly this role which works fine and the configs seem identical (hardware aside).

If anybody has any ideas or knows of any bugs in the rule ordering and knows how to get around this, please help me, I'm absolutely baffled!

Cheers,
Kev