Solved Why does this simple pf.conf lock me out of ssh?

Hi,

I'm new to PF. I read the documentation very carefully and I can't understand why this simple pf.conf locks me out of ssh:

Code:
tcp_egress_out="{53, 80, 443, 123}"
block in all
block out all
pass in quick on lo0
pass out quick on lo0
pass in quick on egress inet proto tcp from any to (egress) port 22
pass out quick on egress inet proto tcp from (egress) to any port $tcp_egress_out

When I set this up and restart the pf service, it's over: I can no longer ssh into the machine.
 
Stick to the pf.conf(5) man page on the system to ensure you get the most accurate information. There can be a mix if you look online and come across the mix of OpenBSD and FreeBSD info.
 
This may not have saved you this time, because the non-existing interface group is probably not an error, but make a habit of checking your rules for errors before loading them for real. This is done by (can be run as a normal user):

pfctl -n -f /etc/pf.conf
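
Since the syntax check may accept an interface group that does not exist, a second check can compare the names a ruleset refers to against what the host actually has. The script below is an added example, not part of the original posts: the function names are hypothetical, the sample ruleset is the one from the question, and the host inventory ("lo0 em0") is constructed.

```shell
#!/bin/sh
# Added example: list interface names a pf.conf refers to that are absent
# from the host. Only the "on <name>" and "(<name>)" forms are handled;
# macros, tables and "{ a b }" lists are skipped, not expanded.

# pf_iface_refs: read a ruleset on stdin, print each referenced name once.
pf_iface_refs() {
    sed -e 's/#.*$//' |
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "on" && i < NF)
                print $(i + 1)
            else if ($i ~ /^\([A-Za-z0-9_]+\)$/)
                print substr($i, 2, length($i) - 2)
        }
    }' | grep -E '^[A-Za-z][A-Za-z0-9_]*$' | sort -u
}

# pf_unknown_ifaces: $1 = ruleset file, $2 = whitespace-separated names
# (interfaces and groups) present on the host. Prints names not in $2.
pf_unknown_ifaces() {
    known=" $(echo $2) "
    pf_iface_refs < "$1" | while read -r name; do
        case "$known" in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done
}

# Constructed sample: the ruleset posted in the question.
sample_rules() {
cat <<'EOF'
tcp_egress_out="{53, 80, 443, 123}"
block in all
block out all
pass in quick on lo0
pass out quick on lo0
pass in quick on egress inet proto tcp from any to (egress) port 22
pass out quick on egress inet proto tcp from (egress) to any port $tcp_egress_out
EOF
}

# Constructed inventory; on a real host take it from `ifconfig -l` plus
# the names on the "groups:" lines of `ifconfig` output (assumption).
tmp=$(mktemp) && sample_rules > "$tmp" &&
    pf_unknown_ifaces "$tmp" "lo0 em0"   # prints: egress
rm -f "$tmp"
```

Run it alongside `pfctl -n -f /etc/pf.conf`: the first catches syntax errors, this catches names that parse but match nothing on the machine.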
 
Thanks! I was going to ask how to check the rules without loading them and you replied before I even asked!
 