Team,
I have a FreeBSD box (9.1-RELEASE) behind a corporate firewall. I wanted to use PF to restrict access to my box.
I have the following rules in pf.conf:
# cat pf.conf
Code:
#Macros
my_int = "rl0"
tcp_services = "{ ssh, http, domain, ntp }"
udp_services = "{ domain, ntp }"
# Let's just trust localhost
set skip on lo
#Scrub
scrub in all
# By default, we will block everyone and everything coming in
block in all
block return
# Keep state for out
pass out keep state
# accept ssh sessions
pass in on $my_int proto tcp from any to any port $tcp_services keep state
# Outgoing traffic is OK, here we keep state so returning packets
# are accepted too.
pass out on $my_int proto tcp to any port $tcp_services keep state
pass out on $my_int proto udp to any port $udp_services keep state
and rc.conf:
Code:
#enable firewall
pf_enable="YES" # Enable PF (load module if required)
pf_rules="/etc/pf.conf" # rules definition file for pf
pf_flags="" # additional flags for pfctl startup
pflog_enable="YES" # start pflogd(8)
pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
pflog_flags="" # additional flags for pflogd st
I would like to enable SSH from outside.
This ruleset works but after say seven or nine days I am not able to connect to the box. Once I disable the rules using
pfctl -d
or restart the box, everything works smoothly. Any idea, or is there an issue in the ruleset?
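One check worth running on a PF box that stops accepting new connections after days of uptime is whether the state table has reached its hard limit, since PF drops new connections once it is full. This added example is not from the original post: it parses the output of pfctl -si and pfctl -sm, assumes the field layout of FreeBSD 9.x pfctl, and the sample output embedded below is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report PF state-table
# utilisation from pfctl output. Field layout assumed to match
# FreeBSD 9.x `pfctl -si` and `pfctl -sm`; sample text is constructed.

# state_current: print the "current entries" count from `pfctl -si` on stdin
state_current() {
    awk '/current entries/ { print $3; exit }'
}

# state_limit: print the "states hard limit" from `pfctl -sm` on stdin
state_limit() {
    awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# state_pct <current> <limit>: integer percentage of the state table in use
state_pct() {
    echo $(( $1 * 100 / $2 ))
}

# state_verdict <current> <limit>: WARN at 90% or more, else OK
state_verdict() {
    if [ "$(state_pct "$1" "$2")" -ge 90 ]; then echo WARN; else echo OK; fi
}

# Constructed sample output; on a live box use: pfctl -si and pfctl -sm
SAMPLE_INFO='Status: Enabled for 7 days 03:12:45           Debug: Urgent

State Table                          Total             Rate
  current entries                     9870
  searches                         1532098            2.5/s
  inserts                            41231            0.1/s
  removals                           31361            0.1/s'

SAMPLE_MEM='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

main() {
    cur=$(printf '%s\n' "$SAMPLE_INFO" | state_current)
    lim=$(printf '%s\n' "$SAMPLE_MEM" | state_limit)
    echo "$(state_verdict "$cur" "$lim"): state table $(state_pct "$cur" "$lim")% full ($cur/$lim)"
}

main "$@"
```

On a live host, replace the two SAMPLE variables with the real command output (pfctl -si | state_current, pfctl -sm | state_limit) and compare against `set limit states` in pf.conf if you raised it.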