On Mon, Jan 19, 2026 at 6:16 PM Crystal Kolipe <[email protected]> wrote:
> On Mon, Jan 19, 2026 at 06:01:25PM +0300, Washington Odhiambo wrote:
> > # -----------------------------------
> > # Block everything else (default deny)
> > # Log blocked packets for debugging
> > # -----------------------------------
> > block in log all
> > block out log all
>
> These rules are blocking everything.
>
> PF evaluates rules sequentially, but the _last_ matching rule is essentially
> what counts.
>
> You can designate one or more rules as 'quick' to change that behaviour, but
> the most logical thing to do in your case would be to remove these block lines
> from the end and just have a single block rule at the top of the file:
>
> block return
>
> Then pass just the traffic you need, both in and out.
>
> Alternatively, if you don't want to write specific rules to pass the outbound
> traffic, you could start with:
>
> block return in

Thank you for the explanation. Very easy to understand.

I did exactly what you advised. It still did not allow me SSH access.

Now, I added pf=NO to /etc/rc.conf.local and rebooted. I believe this disabled PF completely. This too did not solve the problem.

I remember running OpenBSD 7.4 under VMware Workstation and life wasn't this difficult. Seeing as I even have FreeBSD 15-RELEASE as a Proxmox VM and accessible, I am completely stumped with this issue around OpenBSD. It's affecting my sanity.

Does anyone have any suggestions on how else I can resolve this?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223

In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
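The last-match evaluation and the effect of 'quick' described in the quoted reply, as an added Python model (not part of the original thread and not PF's own code). The pass rules and the sample packet are constructed, since the thread shows only the trailing block lines, and state tracking is not modelled.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                      # "block" or "pass"
    direction: Optional[str] = None  # "in", "out", or None for both
    proto: Optional[str] = None      # e.g. "tcp"; None matches any protocol
    port: Optional[int] = None       # destination port; None matches any port
    quick: bool = False              # a matching quick rule ends evaluation

class Packet(NamedTuple):
    direction: str
    proto: str
    port: int

def matches(rule, pkt):
    """True when every criterion the rule sets agrees with the packet."""
    return (rule.direction in (None, pkt.direction)
            and rule.proto in (None, pkt.proto)
            and rule.port in (None, pkt.port))

def evaluate(rules, pkt):
    """Return (action, index of the deciding rule); index is None if no rule matched."""
    verdict = ("pass", None)         # PF passes a packet that no rule matches
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict = (rule.action, i)   # later matches overwrite earlier ones
            if rule.quick:
                break
    return verdict

SSH_IN = Packet("in", "tcp", 22)     # constructed sample: inbound SSH

# Constructed ruleset shaped like the one in the thread: pass first, catch-all blocks last.
BLOCK_LAST = [Rule("pass", "in", "tcp", 22), Rule("block", "in"), Rule("block", "out")]
# Layout suggested in the reply: one block rule at the top, pass rules after it.
BLOCK_FIRST = [Rule("block"), Rule("pass", "in", "tcp", 22), Rule("pass", "out")]
# Same order as BLOCK_LAST, but the pass rule is marked quick.
QUICK_PASS = [Rule("pass", "in", "tcp", 22, quick=True), Rule("block", "in"), Rule("block", "out")]

if __name__ == "__main__":
    for name, ruleset in [("block last", BLOCK_LAST),
                          ("block first", BLOCK_FIRST),
                          ("quick pass", QUICK_PASS)]:
        print(name, evaluate(ruleset, SSH_IN))
```
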

