This is a test bench. Here are my rules on the router:
172.22.5.171 is the WAN router IP
4322 is the port for SSH
I have a few questions, but first: as I understand it, rule 119 is created when I connect to the router via ssh and then all packets for that connection go through this rule. Why, then, are there a number of packets that have gone through rule 120?
Code:
00005 0 0 allow ip from any to any via rl0
00010 68 13624 allow ip from any to any via lo0
00101 0 0 check-state :default
00119 357 29096 allow tcp from any to 172.22.5.171 4322 in via age0 keep-state :default
00120 11 872 allow tcp from 172.22.5.171 4322 to any out via age0 keep-state :default
00130 6 567 allow ip from 172.22.5.171 to 8.8.8.8 53 out via age0 keep-state :default
00131 0 0 allow ip from 8.8.8.8 53 to 172.22.5.171 in via age0 keep-state :default
00250 0 0 allow icmp from any to any out via age0 keep-state :default
00250 0 0 allow icmp from any to any in via age0 keep-state :default
00300 0 0 allow tcp from 172.22.5.171 to any 80 out via age0 keep-state :default
00310 0 0 allow tcp from any 80 to 172.22.5.171 in via age0 keep-state :default
00400 0 0 allow tcp from 172.22.5.171 to any 443 out via age0 keep-state :default
00410 0 0 allow tcp from any 443 to 172.22.5.171 in via age0 keep-state :default
01001 68 6653 deny ip from any to any
65535 0 0 deny ip from any to any
## Dynamic rules (1 136):
00119 184 14672 (1s) STATE tcp 172.22.0.127 53748 <-> 172.22.5.171 4322 :default
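To make the counters in a listing like this easier to reason about, here is an added Python example (not code from the post, and not FreeBSD's own ipfw tooling) that parses the post's `ipfw -d show` output, pairs each keep-state rule with the keep-state rule covering the same flow in the reverse direction, and reports how many packets matched each partner as a static rule. Because `check-state` at rule 101 accepts any packet that already has a live dynamic entry before rules 119/120 are reached, a non-zero counter on the out-direction partner means those packets reached it when no matching dynamic entry existed at that moment (for example after the entry had expired). It also lists the dynamic entries and flags rule numbers used more than once, as 250 is here. The listing is embedded as constructed sample input; the report wording is my own.

```python
"""Parse an `ipfw -d show`-style listing and pair stateful in/out rules.
Added illustration; not code from the post or from FreeBSD.  LISTING is the
post's own output, embedded here as constructed sample input."""
from collections import Counter

LISTING = """\
00005 0 0 allow ip from any to any via rl0
00010 68 13624 allow ip from any to any via lo0
00101 0 0 check-state :default
00119 357 29096 allow tcp from any to 172.22.5.171 4322 in via age0 keep-state :default
00120 11 872 allow tcp from 172.22.5.171 4322 to any out via age0 keep-state :default
00130 6 567 allow ip from 172.22.5.171 to 8.8.8.8 53 out via age0 keep-state :default
00131 0 0 allow ip from 8.8.8.8 53 to 172.22.5.171 in via age0 keep-state :default
00250 0 0 allow icmp from any to any out via age0 keep-state :default
00250 0 0 allow icmp from any to any in via age0 keep-state :default
00300 0 0 allow tcp from 172.22.5.171 to any 80 out via age0 keep-state :default
00310 0 0 allow tcp from any 80 to 172.22.5.171 in via age0 keep-state :default
00400 0 0 allow tcp from 172.22.5.171 to any 443 out via age0 keep-state :default
00410 0 0 allow tcp from any 443 to 172.22.5.171 in via age0 keep-state :default
01001 68 6653 deny ip from any to any
65535 0 0 deny ip from any to any
## Dynamic rules (1 136):
00119 184 14672 (1s) STATE tcp 172.22.0.127 53748 <-> 172.22.5.171 4322 :default
"""

OPTION_WORDS = {"in", "out", "via", "keep-state", "setup", "established"}  # end the dst address


def _endpoint(tokens):
    # ['1.2.3.4', '22'] -> ('1.2.3.4', '22'); ['any'] -> ('any', None)
    return tokens[0], (tokens[1] if len(tokens) > 1 else None)


def parse_listing(text):
    """Return (static_rules, dynamic_rules); each rule is a dict."""
    static, dynamic, in_dynamic = [], [], False
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if line.startswith("## Dynamic rules"):
            in_dynamic = True
            continue
        r = {"num": int(tok[0]), "pkts": int(tok[1]), "bytes": int(tok[2])}
        if in_dynamic:  # NUM PKTS BYTES (TTL) STATE PROTO A a <-> B b :set
            r.update(ttl=tok[3].strip("()"), proto=tok[5],
                     src=(tok[6], tok[7]), dst=(tok[9], tok[10]))
            dynamic.append(r)
            continue
        r.update(action=tok[3], proto=None, src=None, dst=None,
                 dir=None, iface=None, keep_state=False)
        if "from" in tok:  # address-carrying rule (not e.g. check-state)
            f, t = tok.index("from"), tok.index("to")
            r["proto"], r["src"] = tok[4], _endpoint(tok[f + 1:t])
            rest = tok[t + 1:]
            end = next((i for i, w in enumerate(rest)
                        if w in OPTION_WORDS or w.startswith(":")), len(rest))
            r["dst"], opts = _endpoint(rest[:end]), rest[end:]
            for i, w in enumerate(opts):
                if w in ("in", "out"):
                    r["dir"] = w
                elif w == "via":
                    r["iface"] = opts[i + 1]
                elif w == "keep-state":
                    r["keep_state"] = True
        static.append(r)
    return static, dynamic


def stateful_pairs(static):
    """Pair each inbound keep-state rule with its reverse-direction partner."""
    ks = [r for r in static if r["keep_state"]]
    return [(a, b) for a in ks for b in ks
            if (a["dir"], b["dir"]) == ("in", "out") and a["proto"] == b["proto"]
            and a["src"] == b["dst"] and a["dst"] == b["src"]]


def mirror_hits(static):
    """(in_num, in_pkts, out_num, out_pkts) per pair; out_pkts = static matches
    on the out rule, i.e. packets the earlier check-state did not already accept."""
    return [(a["num"], a["pkts"], b["num"], b["pkts"]) for a, b in stateful_pairs(static)]


def duplicate_numbers(static):
    """Rule numbers used more than once ('ipfw delete N' removes all of them)."""
    return sorted(n for n, c in Counter(r["num"] for r in static).items() if c > 1)


def report(text):
    static, dynamic = parse_listing(text)
    out = [f"rules {i} (in, {ip} pkts) <-> {o} (out, {op} pkts): {op} packet(s) hit "
           f"the out rule statically, i.e. check-state had no entry for them"
           for i, ip, o, op in mirror_hits(static)]
    out += [f"dynamic entry of rule {d['num']}: {d['src']} <-> {d['dst']}, "
            f"{d['pkts']} pkts, {d['ttl']} left" for d in dynamic]
    out += [f"rule number {n} appears more than once" for n in duplicate_numbers(static)]
    return out


if __name__ == "__main__":
    print("\n".join(report(LISTING)))
```

Run it as-is to see the report for the post's ruleset; to check your own router, replace `LISTING` with the output of `ipfw -d show`. The pairing is purely textual (same protocol, source and destination swapped), so rules that cover a flow with broader or narrower addresses than their partner will not be paired and should be reviewed by hand.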