PF I can't connect to the server with SSH after enabling PF

Hello,
The /etc/pf.conf file looks like this:

Code:
set block-policy return
set fingerprints "/etc/pf.os"
set skip on lo0

# Allow all outgoing traffic
pass out all

# Allow incoming SSH (optional)
pass in proto tcp to port 22

# Block everything else by default
block in all

The following command doesn't show me any errors either:

Code:
$ sudo pfctl -f /etc/pf.conf

Finally, I did:

Code:
$ sudo service pf start

But my SSH connection was lost. Why?

Thank you.
 
When you start the service, there is no entry for your SSH connection in the pf state table. Enabling the firewall thus makes the connection time out. Also, pf is last-match-wins, so you end up blocking everything with the block in all at the end. If you move the block line earlier, enabling the firewall will still cause a timeout, but you should be able to get back in afterwards.
 
You can use the ‘quick’ modifier (see the man page) to make a rule “win” over later rules, if you like that organization of rules.

But in general, PF likes rules ordered from generic (block in all) to specific (pass in proto tcp to port 22).
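Both replies above make the same point: the poster's file ends with block in all, and because pf is last-match-wins, that rule overrides the earlier pass for port 22. The file below is an added example (not the poster's file and not taken from the pf documentation) showing the generic-to-specific ordering and, commented out, the equivalent using quick. The source-network restriction and the commands in the trailing comments are my assumptions about a sensible setup, not something the thread states.

```pf
# Added example, not the original poster's /etc/pf.conf.
set block-policy return
set fingerprints "/etc/pf.os"
set skip on lo0

# 1. Generic default first. Without "quick", the LAST matching rule wins,
#    so this block is overridden by any later pass that also matches.
block in all

# 2. Specific exceptions after it.
pass out all
pass in proto tcp to port 22

# Optional hardening (assumption: 192.0.2.0/24 is the admin network):
# replace the rule above with
#   pass in proto tcp from 192.0.2.0/24 to port 22

# Alternative: the "quick" modifier stops evaluation at the first match,
# so the specific rule may come first and the generic block last:
#   pass in quick proto tcp to port 22
#   block in all

# Loading it over SSH (commands are real pfctl options, but the fallback
# timer is my suggestion, not something the thread describes):
#   sudo pfctl -nf /etc/pf.conf          # parse only, no load
#   (sleep 120 && sudo pfctl -d) &       # disable pf again if you get locked out
#   sudo pfctl -f /etc/pf.conf && sudo pfctl -e
#   sudo pfctl -sr                       # confirm the loaded rule order
#   # reconnect, then kill the sleep job once you are back in
```

Expect the live SSH session to drop when pf is enabled, as the first reply says: the session has no state entry, and TCP pass rules only match a new SYN by default (flags S/SA), so mid-stream packets hit the block rule. With the generic-first ordering a fresh connection to port 22 is accepted, so reconnecting works; the sleep fallback only matters if the rule set is still wrong.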
 