On Fri, Mar 01, 2002 at 01:57:52PM -0500, zerokey wrote:

> block in log all
> pass out all
> 
> pass in on fxp0 proto icmp from any to any
> pass in on fxp0 proto tcp from any to any port = 53
> pass in on fxp0 proto udp from any to any port = 53
> pass in on fxp0 proto tcp from cc.cc.cc.cc to any
> pass in on fxp0 proto udp from cc.cc.cc.cc to any
> pass in on fxp0 proto tcp from any to aa.aa.aa.aa port = 22
> pass in on fxp0 proto tcp from any to bb.bb.bb.bb port = 22
> pass in on fxp0 proto tcp from any to cc.cc.cc.cc
> pass in on fxp0 proto tcp from any to dd.dd.dd.dd
> 
> Mar 01 13:50:22.976540 rule 0/0(match): block in on fxp0: aa.aa.aa.aa.22 > 64.14.81.125.40123: P 0:52(52) ack 61 win 6432 (DF) [tos 0x10]

You're not using 'keep state', and hence the firewall is not creating
state for connections.

While all outgoing packets are passed, incoming packets related to such
connections are generally blocked. Note that when you ssh out to an external
host, the ssh client will use a random high port (like 40123), and replies
have a _source_ port of 22 and a _destination_ port of 40123. Unless the
external host is cc.cc.cc.cc, you're blocking those replies.

I suggest you read the section STATEFUL INSPECTION in pf.conf(5) and
then add 'keep state' to all 'pass' rules.

Daniel
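For reference, here is the quoted ruleset rewritten with 'keep state' on every pass rule, as an added example that is neither the original poster's configuration nor Daniel's. It keeps the thread's placeholders (aa.aa.aa.aa, bb.bb.bb.bb, cc.cc.cc.cc, dd.dd.dd.dd) and interface (fxp0), and is written for the pf syntax of the era (OpenBSD 3.0); on OpenBSD 4.1 and later, pass rules keep state by default (with 'flags S/SA' for TCP), so the explicit keywords are no longer required there.

```pf
# Added example: the quoted ruleset with 'keep state' on every pass rule.
# Once a packet creates a state entry, the matching reply packets are
# passed by the state table and never reach the 'block in log all' rule.
# Placeholder addresses and fxp0 are taken from the thread; this is not the
# poster's or Daniel's configuration.

block in log all

# Outbound traffic is passed and, with 'keep state', its replies
# (source port 22, destination a random high port such as 40123) are
# matched by state on the way back in.
pass out all keep state

pass in on fxp0 proto icmp from any to any keep state

# 'flags S/SA' creates state only on the initial SYN, so a stray ACK or
# RST cannot create a state entry by itself.
pass in on fxp0 proto tcp from any to any port = 53 flags S/SA keep state
pass in on fxp0 proto udp from any to any port = 53 keep state
pass in on fxp0 proto tcp from cc.cc.cc.cc to any flags S/SA keep state
pass in on fxp0 proto udp from cc.cc.cc.cc to any keep state
pass in on fxp0 proto tcp from any to aa.aa.aa.aa port = 22 flags S/SA keep state
pass in on fxp0 proto tcp from any to bb.bb.bb.bb port = 22 flags S/SA keep state
pass in on fxp0 proto tcp from any to cc.cc.cc.cc flags S/SA keep state
pass in on fxp0 proto tcp from any to dd.dd.dd.dd flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and after an outbound ssh session is opened, `pfctl -s state` should show the corresponding entry; if the earlier "block in on fxp0" log lines for that connection stop appearing, the state table is doing its job.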
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
