Hallo all,

May I ask any PF professional for his advice?

I have an OpenBSD router with multiple interfaces doing routing. It does not work as a
firewall, so there is only one rule "pass flags any no state".

Because of many hack-scripts doing SSH logins and filling the logs, I would like to
block all SSH traffic going to this host from unknown IPs, but not routed
traffic. I want to keep this block rule as simple as possible so that it stays correct
in the future, even if interfaces or IP addresses change.

I work mostly with Linux, and in netfilter I would create the following rule:

iptables -I INPUT -p tcp --dport 22 ! -s OURNETWORK -m state --state NEW -j DROP


In PF I wrote the following rules:

----
table <OurNetworks> const { .... }
pass quick proto tcp from <OurNetworks> to any port 22 no state
pass in quick proto tcp from any to any port 2222 rdr-to 127.0.0.1 port 22
block quick proto tcp from any to any port 22
----

But of course, the last rule blocks all SSH traffic going from unknown
networks to all hosts.


Could someone please help me to create PF rules that block only traffic going to
the local machine from networks other than OurNetworks, similarly to the iptables rule
above?

I have read the PF manual but have not found any possibility to tell pf "to
LOCAL-HOST". I have searched with Google but found no relevant articles; maybe I
have not asked correctly.


Thank you very much for any idea.


Regards,

Robert Wolf.
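The following pf.conf fragment is an added example, not the poster's ruleset, showing how the "to LOCAL-HOST" part of the question is expressed in pf: the keyword self expands to every address configured on the host's own interfaces, so a rule written "to self" matches only traffic terminating on the router and never forwarded traffic, regardless of how many interfaces or addresses it has. The table name OurNetworks is taken from the post; the prefixes inside it are constructed sample values.

```pf
# Added example (not the original poster's configuration).
# Goal: drop SSH to the router itself from anywhere except OurNetworks,
# while leaving routed SSH traffic alone and keeping the router stateless.

# Constructed sample prefixes; replace with the real trusted networks.
table <OurNetworks> const { 192.0.2.0/24, 198.51.100.0/24 }

# "self" = all addresses on all of this host's interfaces, so these two
# rules only ever match packets destined for the router, not forwarded ones.
# Keep the pass stateless ("no state") to match the existing router design.
pass in quick proto tcp from <OurNetworks> to self port 22 no state
block in log quick proto tcp from ! <OurNetworks> to self port 22

# Everything else (including routed SSH between other hosts) falls through
# to the original catch-all rule.
pass flags any no state
```

Load it with "pfctl -nf /etc/pf.conf" first to syntax-check without activating, then "pfctl -f /etc/pf.conf". The log keyword on the block rule makes the dropped attempts visible on pflog0 (for example with "tcpdump -n -e -ttt -i pflog0"), which is usually what you want for spotting the scanning scripts mentioned above without the noise ending up in the sshd log.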
