I have a simple ipf.rules setup. My interface is fxp0 but when I have that in my config file, it blocks everything. I can't ping or shell in.
So I tried to fix it by changing the fxp0 part to any. I was able to log in, but I noticed that it wasn't reflecting my successful logins (ssh) in ipfstat -ih. I changed the ping and ssh rules to block instead. They didn't block. So as far as I can tell, the any part for the interface really did nothing for me except allow everything in. Any ideas?
Code:
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick on fxp0 proto udp from any to 10.10.10.1 port = 53 keep state
pass out log quick on fxp0 proto udp from any to any port = 67 keep state
pass in quick on fxp0 proto icmp from any to any icmp-type 8 keep state
pass in quick on fxp0 proto tcp from any to any port = 22 flags S keep state
block in log first quick on fxp0 all
block out log first quick on fxp0 all