Hello all, may I ask any PF professional for his advice?

I have an OpenBSD router with several interfaces doing routing. It does not work as a firewall, so there is only one rule, "pass flags any no state". Because of the many hack scripts doing SSH logins and filling the logs, I would like to block every SSH connection going to this host from unknown IPs, but not routed traffic. I want to keep this block rule as simple as possible so that it stays correct in the future, even if interfaces or IP addresses change.

I work mostly with Linux, and in netfilter I would create the following rule:

iptables -I INPUT -j DROP -s OURNETWORK -m state --state NEW

In PF I wrote the following rules:
----
table <OurNetworks> const { .... }
pass quick proto tcp from <OurNetworks> to any port 22 no state
pass in quick proto tcp from any to any port 2222 rdr-to 127.0.0.1 port 22
block quick proto tcp from any to any port 22
----
But of course, the last rule blocks all SSH traffic going from unknown networks to every host. Could someone please help me create PF rules that block only traffic going to the local machine from networks other than OurNetworks, similarly to the iptables rule above? I have read the PF manual but have not found any possibility to tell pf "to LOCAL-HOST". I have searched with Google but found no relevant articles; maybe I did not ask correctly.

Thank you very much for any idea.

Regards,
Robert Wolf.
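One way to express "to this host" in pf.conf, added here as an example and not part of Robert's post: PF's "self" keyword matches every address configured on any interface of the machine, so a block rule aimed at "self" drops SSH to the router itself while routed SSH traffic never matches it. The table contents and rule layout are assumptions for illustration.

```pf
# Added example (not from the original post): block SSH aimed at the router
# itself from addresses outside the trusted table, leave routed traffic alone.
# "self" expands to every address on every interface of this host, so the
# rules keep working when interfaces or addresses change.
# The address ranges below are constructed placeholders.
table <OurNetworks> const { 192.0.2.0/24, 198.51.100.0/24 }

# Existing behaviour of the box: it only routes, no stateful filtering.
pass flags any no state

# Trusted networks may still reach SSH on the router.
pass in quick proto tcp from <OurNetworks> to self port 22 no state

# Alternate SSH port: only packets addressed to the router are redirected,
# so traffic merely passing through on port 2222 is not touched.
pass in quick proto tcp from any to self port 2222 rdr-to 127.0.0.1 port 22

# Everything else aimed at the router's own SSH port is dropped. Packets
# routed to other hosts on port 22 never match, because their destination
# is not "self", and fall through to the routing pass rule above.
block in quick proto tcp from any to self port 22
```

Check the file with "pfctl -nf /etc/pf.conf" before loading it with "pfctl -f /etc/pf.conf", and watch the SSH log afterwards to confirm the scripted logins stop while routed SSH sessions to other hosts still work.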