PF randomness
Problems with aggressive randomness injection

Applications that requre specific source ports/addresses
r* utilities (source port < 1024)
IKE/ISAKMP implementations (source port 500)
Silly web applications (static source address)
Protocols that authenticate parts of the packet header
TCP MD5
IPSec AH
Applications that use packet information within the protocol
H.323
FTP
Firewall reboots can destroy the randomness mapping