On 11/10/25 10:42 AM, dirk coetzee wrote:
Any idea if my antispoofing configuration is incorrect? Or any other suggestions to mitigate SSH connections from lo0?
Your pf.conf ignores all traffic on lo: > # ---=== Global Config ====---- > set skip on lo
Please note - SSH is configured to listen on TCP/50022. Not TCP/5273, so i have no idea how or why SSH is responding on TCP/5273.
It's not. 5273 is the source port.
