Hello all.
I have a ruleset where I am explicitly allowing incoming connections
on port 22 (the default is block log all). For some weird reason
they are getting blocked.
The log says:
Apr 21 17:09:49.105052 rule 1/(match) block in on fxp0: my.client.ip.here.54711 > my.server.ip.here.22: S 2999658291:2999658291(0) win 5840 <mss 1460,sackOK,timestamp 7094694[|tcp]>
I am using OBSD 4.6. The interface name does match what ifconfig shows
(there is only one network card), and pass out works without any problem.
dns_servers = "{ 208.67.222.220, 208.67.222.222, 4.2.2.1, 4.2.2.2 }"
set block-policy drop
set loginterface $t_externa
set skip on lo
set debug urgent
##scrub
match in all scrub (no-df)
##translation
## filter rules
block log all
pass out
antispoof quick for { lo $t_externa }
## Traffic IN
pass in log quick on $t_externa inet proto { tcp, udp } from any to ($t_externa) port { 22 8080 } keep state
## Traffic OUT
pass out quick on $t_externa inet proto { tcp, udp } from ($t_externa) to $dns_servers port 53 keep state
pass out quick on $t_externa inet proto { tcp } from ($t_externa) to any port { 80 443 } flags S/SA modulate state
pass out inet proto icmp all icmp-type { echoreq, unreach } keep state
Please help! Thanks
Andres
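When pf logs "rule N/(match) block", N is the 0-based index of the rule in pfctl -sr output, so the first thing to check is which rule that number points at in the ruleset that is actually loaded. The script below is an added example (not the poster's code) that parses a tcpdump-on-pflog line like the one above, numbers the filter rules of a pf.conf in file order the way pfctl -sr lists them, and reports which rule fired, which pass rules in that direction mention the destination port, and any macros that are used but never defined. It assumes the simple numbering holds (antispoof expands into several block rules, so numbers after an antispoof line are only a lower bound), and the sample log line and ruleset embedded in it are constructed copies of the ones in the post, which as posted contain no definition for $t_externa.

```python
import re

# Constructed sample input: the pflog line from the post, rejoined onto one line.
SAMPLE_LOG = (
    "Apr 21 17:09:49.105052 rule 1/(match) block in on fxp0: "
    "my.client.ip.here.54711 > my.server.ip.here.22: S "
    "2999658291:2999658291(0) win 5840 <mss 1460,sackOK,timestamp 7094694[|tcp]>"
)

# Constructed sample input: the ruleset as posted.  Note that $t_externa is
# referenced but no "t_externa = ..." line appears in the snippet.
SAMPLE_PF_CONF = r'''
dns_servers = "{ 208.67.222.220, 208.67.222.222, 4.2.2.1, 4.2.2.2 }"
set block-policy drop
set loginterface $t_externa
set skip on lo
set debug urgent
##scrub
match in all scrub (no-df)
## filter rules
block log all
pass out
antispoof quick for { lo $t_externa }
## Traffic IN
pass in log quick on $t_externa inet proto { tcp, udp } from any to ($t_externa) \
    port { 22 8080 } keep state
## Traffic OUT
pass out quick on $t_externa inet proto { tcp, udp } from ($t_externa) to $dns_servers \
    port 53 keep state
pass out quick on $t_externa inet proto { tcp } from ($t_externa) to any \
    port { 80 443 } flags S/SA modulate state
pass out inet proto icmp all icmp-type { echoreq, unreach } keep state
'''

# "rule N/(reason) action dir on iface: src.sport > dst.dport: flags ..."
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>pass|block|match) (?P<dir>in|out) on (?P<iface>[^:]+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>\S+)"
)
MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"?(.*?)"?\s*$')
FILTER_KEYWORDS = ("match", "block", "pass", "antispoof")


def parse_pflog_line(line):
    """Return the fields of a pflog line as a dict, or None if it is not one."""
    m = PFLOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ("rule", "sport", "dport"):
        d[key] = int(d[key])
    return d


def _logical_lines(text):
    """Join backslash continuations, drop comments and blank lines, squeeze spaces."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line = " ".join((buf + line).split())
        buf = ""
        if line:
            out.append(line)
    return out


def load_ruleset(text):
    """Expand macros and number the filter rules 0-based in file order, as
    pfctl -sr lists them.  Returns (rules, undefined_macros); rules is a list
    of (number, expanded_rule_text).  Caveat (assumption): antispoof expands
    into several block rules, so numbers after it are a lower bound."""
    macros, filters, undefined = {}, [], set()

    def expand(mm):
        name = mm.group(1)
        if name in macros:
            return macros[name]
        undefined.add(name)          # pfctl would refuse to load the file
        return mm.group(0)

    for line in _logical_lines(text):
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        line = re.sub(r"\$(\w+)", expand, line)
        if line.startswith(FILTER_KEYWORDS):
            filters.append(line)
    return list(enumerate(filters)), undefined


def explain(logline, pf_conf):
    """Tie a pflog line to the ruleset: the rule that fired, the pass rules in
    the same direction whose text mentions the destination port (coarse text
    match), and macros the ruleset uses but never defines."""
    fields = parse_pflog_line(logline)
    if fields is None:
        return None
    rules, undefined = load_ruleset(pf_conf)
    fields["rule_text"] = dict(rules).get(fields["rule"])
    port_re = re.compile(r"\b%d\b" % fields["dport"])
    fields["candidate_pass_rules"] = [
        n for n, r in rules
        if r.startswith("pass " + fields["dir"]) and port_re.search(r)
    ]
    fields["undefined_macros"] = sorted(undefined)
    return fields


if __name__ == "__main__":
    for k, v in explain(SAMPLE_LOG, SAMPLE_PF_CONF).items():
        print("%-20s %s" % (k, v))
```

For the posted ruleset this resolves rule 1 to "block log all" and finds the "pass in ... port { 22 8080 }" rule at index 4, so the catch-all block is matching instead of the pass rule that should have fired first, and it flags t_externa as undefined in the snippet. On the box itself, pfctl -nf /etc/pf.conf (dry run) shows whether the file loads at all, and pfctl -vvsr prints the authoritative rule numbers to compare against the log.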