On Mon, Jan 19, 2026 at 07:07:36PM +0300, Washington Odhiambo wrote:
> On Mon, Jan 19, 2026 at 6:16 PM Crystal Kolipe <[email protected]> wrote:
> 
> > On Mon, Jan 19, 2026 at 06:01:25PM +0300, Washington Odhiambo wrote:
> > > # -----------------------------------
> > > # Block everything else (default deny)
> > > # Log blocked packets for debugging
> > > # -----------------------------------
> > > block in log all
> > > block out log all
> >
> > These rules are blocking everything.
> >
> > PF evaluates rules sequentially, but the _last_ matching rule is essentially
> > what counts.
> >
> > You can designate one or more rules as 'quick' to change that behaviour, but
> > the most logical thing to do in your case would be to remove these block lines
> > from the end and just have a single block rule at the top of the file:
> >
> > block return
> >
> > Then pass just the traffic you need, both in and out.
> >
> > Alternatively, if you don't want to write specific rules to pass the outbound
> > traffic, you could start with:
> >
> > block return in
> >
> 
> Thank you for the explanation. Very easy to understand.
> I did exactly what you advised. It still did not allow me SSH access.
> Now, I added pf=NO to /etc/rc.conf.local and rebooted.
> I believe this disabled PF completely.
> This too did not solve the problem.

The problem is probably not with PF, but something else.

Are you sure that sshd is running?

# ps -A | grep ssh

... should show the 'sshd' process.

If it is running, is it listening on the network interface?

# netstat -al | grep -F .ssh

... should show some output if there is a listening socket.
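
The last-match evaluation described in the quoted reply above, as an added example that is not part of the original messages: a small Python model (not PF's own code) comparing the trailing block rules from the thread with the suggested block-first layout and with a 'quick' pass rule. The pass rule for port 22 and the sample packets are constructed for illustration, and the model ignores state tracking, addresses and protocols.

```python
# Minimal model of PF rule evaluation (illustrative; not PF's own code).
# A packet is checked against every rule in order; the LAST matching rule
# decides, unless a matching rule is marked 'quick', which stops evaluation.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                      # "pass" or "block"
    direction: Optional[str] = None  # "in", "out", or None for both
    port: Optional[int] = None       # destination port, None for any
    quick: bool = False

class Packet(NamedTuple):
    direction: str
    port: int

def matches(rule, pkt):
    return (rule.direction in (None, pkt.direction)
            and rule.port in (None, pkt.port))

def evaluate(rules, pkt):
    verdict = "pass"                 # PF passes a packet that matches no rule
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

SSH_IN = Packet("in", 22)            # constructed sample: inbound SSH
HTTP_IN = Packet("in", 80)           # constructed sample: inbound HTTP

# Constructed pass rule followed by the trailing blocks quoted in the thread.
BLOCK_LAST = [
    Rule("pass", "in", 22),
    Rule("block", "in"),             # block in log all
    Rule("block", "out"),            # block out log all
]
# Layout suggested in the reply: one block rule first, then the passes.
BLOCK_FIRST = [
    Rule("block"),                   # block return
    Rule("pass", "in", 22),
]
# Same trailing blocks, but the pass rule is marked 'quick'.
QUICK_PASS = [Rule("pass", "in", 22, quick=True)] + BLOCK_LAST[1:]

if __name__ == "__main__":
    for name, rs in [("block last", BLOCK_LAST), ("block first", BLOCK_FIRST),
                     ("quick pass", QUICK_PASS)]:
        print(f"{name:12} ssh={evaluate(rs, SSH_IN)} http={evaluate(rs, HTTP_IN)}")
```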
