PF [Resolved] What's wrong with my ruleset? I am locked out of ssh

Hello,
I am quite new to firewalls and just enabled pf with the following ruleset; however, I am totally locked out and cannot ssh to the server. Please take a look. Thanks.

cat /etc/pf.conf

Code:
local_network="192.168.3.0/24"
#anchor "ftp-proxy/*"

block in
pass out

# allow ssh connection  from specific ip
pass in on egress proto tcp from 192.168.3.201 to port 22

# allow samba connection from local network
pass in on egress proto tcp from $local_network to port { 139, 445, 8080 }


#pass quick on $int_if no state
#antispoof quick for { lo $int_if }
#pass in on $ext_if proto tcp to ($ext_if) port ssh
#pass in log on $ext_if proto tcp to ($ext_if) port smtp
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp
#pass in on $ext_if inet proto icmp from any to ($ext_if) icmp-type { unreach, redir, timex }
 
I believe you put "block in" too early. Try putting it after the last "pass in".
Thanks, but no: in a pf ruleset the order matters and the last match wins, so there is no problem with putting "block in" at the top.

I changed the following rule:
Code:
pass in on egress proto tcp from 192.168.3.201 to port 22

To the new one below, and it works.
Code:
pass in log quick on bge1 proto tcp from 192.168.3.201 to port 22

I just don't understand the meaning of "egress"; I googled it but am still confused.
 
Try changing "egress" to the server's interface. I think the current rule means "allow incoming ssh packets which go out from the server".
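Editor's note with an added worked example (not code posted by anyone in this thread): in pf, "egress" is not a direction but the name of an interface group. On OpenBSD the kernel automatically places the interface carrying the default route into that group; on FreeBSD the group is not populated unless you add an interface to it yourself, so `pass in on egress` matches no interface and the ssh SYN falls through to the top-level `block in`. The interface name bge1, the admin host 192.168.3.201 and the 192.168.3.0/24 network are taken from the thread; the macro names, the `set skip on lo0` line, the `(ext_if)` address form and the rc.conf address are assumptions for illustration. The ruleset below uses an explicit interface macro instead of the group, and the comments give the commands to confirm group membership and to load the rules without locking yourself out again.

```pf
# /etc/pf.conf  (added example; bge1, 192.168.3.201 and 192.168.3.0/24 come from the thread)
ext_if        = "bge1"
admin_host    = "192.168.3.201"
local_network = "192.168.3.0/24"

# Never filter loopback traffic (assumed, but almost always wanted).
set skip on lo0

# Default deny inbound; allow outbound and keep state for the replies.
block in
pass out

# ssh only from the admin host, and only to this host's own address.
# "($ext_if)" in parentheses is re-evaluated if the interface address changes,
# so the rule keeps matching after a DHCP renewal. "port ssh" resolves to 22
# via /etc/services.
pass in on $ext_if proto tcp from $admin_host to ($ext_if) port ssh

# Samba and the web application from the local network only.
pass in on $ext_if proto tcp from $local_network to ($ext_if) port { 139, 445, 8080 }

# If you would rather keep "on egress", put the interface into the group first.
# In /etc/rc.conf (the IPv4 address here is an assumption):
#   ifconfig_bge1="inet 192.168.3.10/24 group egress"
# or at runtime:
#   ifconfig bge1 group egress
# Then verify before relying on it:
#   ifconfig -g egress          # must print "bge1"; empty output means the group has no members
#   pfctl -vnf /etc/pf.conf     # parse only (-n); -v prints each rule as pf expanded it
```

To load a new ruleset without repeating the lock-out, keep one ssh session open and arm a fallback in the same shell before loading: `( sleep 120 && pfctl -d ) &` followed by `pfctl -f /etc/pf.conf`. If ssh still works, kill the background job; if it does not, pf disables itself after two minutes and the existing session, or a new one, gets back in. `pfctl -sr` afterwards shows the rules actually loaded, which is the quickest way to spot a macro or group that expanded to nothing.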
 