When I try to run cvs for src/ports/xenocara it doesn't work, but when I
disable PF it works fine. What is the issue? What port do I allow out to
install from ports? How can I tighten up my rules?
ext_if = "dc0"
int_if = "lo0"
block all
match in all scrub (no-df random-id)
antispoof quick for { $ext_if, $int_if }
pass in quick on $ext_if proto tcp from 192.168.1.1 port 22
pass quick proto tcp from any to any port ssh \
flags S/SA keep state \
(max-src-conn 1, max-src-conn-rate 1/60)
pass out on $ext_if proto tcp from port 22
