Hello,

That solved the issue but I have about 20 rulesets that have the same syntax. I don't see anything yet about this either.

Please elaborate.

Andres

On Thu, Apr 22, 2010 at 3:59 PM, Alexander Hall <alexan...@beard.se> wrote:
> On 04/22/10 18:22, Allie Daneman wrote:
>> Why are you doing "from any to (fxp0)" ? That's your problem. Change all
>
> I fail to see why that would cause any issues. Care to elaborate?
>
> /Alexander
>
>> the rules like that to "from any to any" since you're already putting
>> the rule on that interface and it should fix you up. As long as you're
>> not redirecting you can turn logging on specific rules and see why
>> they're blocking as well if that doesn't fix your issue.
>>
>> Andres Salazar wrote:
>>> Hello,
>>>
>>> Yes it loaded properly. Yes I had missed the macro for the external
>>> NIC; it is included in the original ruleset. t_externa = "fxp0"
>>>
>>> This is the result for pfctl -sr:
>>>
>>> match in all scrub (no-df)
>>> block drop all
>>> pass out all flags S/SA keep state
>>> pass out quick on fxp0 inet proto tcp from (fxp0) to 208.67.222.220 port = domain flags S/SA keep state
>>> pass out quick on fxp0 inet proto tcp from (fxp0) to 208.67.222.222 port = domain flags S/SA keep state
>>> pass out quick on fxp0 inet proto tcp from (fxp0) to 4.2.2.1 port = domain flags S/SA keep state
>>> pass out quick on fxp0 inet proto tcp from (fxp0) to 4.2.2.2 port = domain flags S/SA keep state
>>> pass out quick on fxp0 inet proto udp from (fxp0) to 208.67.222.220 port = domain keep state
>>> pass out quick on fxp0 inet proto udp from (fxp0) to 208.67.222.222 port = domain keep state
>>> pass out quick on fxp0 inet proto udp from (fxp0) to 4.2.2.1 port = domain keep state
>>> pass out quick on fxp0 inet proto udp from (fxp0) to 4.2.2.2 port = domain keep state
>>> pass in quick on fxp0 inet proto tcp from any to (fxp0) port = ssh flags S/SA keep state
>>> pass in quick on fxp0 inet proto tcp from any to (fxp0) port = 8080 flags S/SA keep state
>>> pass in quick on fxp0 inet proto udp from any to (fxp0) port = ssh keep state
>>> pass in quick on fxp0 inet proto udp from any to (fxp0) port = 8080 keep state
>>> pass out quick on fxp0 inet proto tcp from (fxp0) to any port = www flags S/SA modulate state
>>> pass out quick on fxp0 inet proto tcp from (fxp0) to any port = https flags S/SA modulate state
>>> pass out inet proto icmp all icmp-type echoreq keep state
>>> pass out inet proto icmp all icmp-type unreach keep state
>>>
>>> As soon as I hit pfctl -f /etc/pf.conf and pfctl -e I am locked out and I
>>> cannot SSH in from the outside.
>>>
>>> Where am I blocking port SSH in? :(
>>>
>>> Andres
>>>
>>> On Wed, Apr 21, 2010 at 9:45 PM, Daniel Ouellet <dan...@presscom.net> wrote:
>>>>> ## Traffic IN
>>>>> pass in log quick on $t_externa inet proto { tcp, udp } from any to ($t_externa) \
>>>>> port { 22 8080 } keep state
>>>>>
>>>> In your pf configuration it doesn't show where you actually define the macro
>>>> for your interface $t_externa.
>>>>
>>>> Are you sure the rules you run are what you think they are?
>>>>
>>>> Did it load properly, and maybe you want to check the rules as active with
>>>>
>>>> pfctl -sr
>>>>
>>>> And check that display. I think you may find what you are looking for.
>>>>
>>>> Compare your pf.conf with what you actually see in pfctl -sr and you will
>>>> work your issue out.
>>>>
>>>> Best,
>>>>
>>>> Daniel

The ruleset below is an added example for readers of this thread, not Andres's pf.conf or anything posted above. It follows the shape of the "Traffic IN" rule Daniel quotes and the macro Andres names, and it shows the two things the replies ask for: the macro defined in the same file as the rules that use it, and logging on the default block so that a dropped packet can be traced to the rule that dropped it rather than guessed at. In pf.conf(5), `($t_externa)` in parentheses expands to the addresses currently assigned to that interface, so the rule tracks address changes; `$t_externa` without parentheses is the interface name used with `on`. The `t_ports` macro and the `set skip on lo` line are constructed for this example.

```pf
# Added example ruleset, not the original poster's pf.conf.
# External interface macro (the one the thread found missing from the
# posted file): defined once, used by every rule below.
t_externa = "fxp0"

# Constructed for this example: services admitted from the outside.
t_ports = "{ 22 8080 }"

# Constructed for this example: never filter loopback.
set skip on lo

match in all scrub (no-df)

# Default deny WITH log: every packet dropped here is written to pflog0
# together with the number of the rule that dropped it.
block log all

## Traffic IN
# Same form as the rule quoted in the thread. ($t_externa) means "the
# addresses of fxp0", i.e. traffic to the firewall itself on those ports.
pass in log quick on $t_externa inet proto { tcp, udp } from any \
    to ($t_externa) port $t_ports keep state

## Traffic OUT from the firewall itself
pass out quick on $t_externa inet proto { tcp, udp } from ($t_externa) \
    to any port domain keep state
pass out quick on $t_externa inet proto tcp from ($t_externa) \
    to any port { www https } modulate state
pass out inet proto icmp all icmp-type { echoreq unreach } keep state
```

Checks that go with it, all standard pfctl(8)/tcpdump(8) usage: `pfctl -nf /etc/pf.conf` parses the file without loading it, so a syntax error or an undefined macro is caught before the rules change; `pfctl -sr` after `pfctl -f` prints the rules actually in memory, with `log` and `quick` shown on each rule that carries them, so a side-by-side read against pf.conf answers Daniel's question of whether the loaded rules are the ones in the file (each source line with a `{ ... }` list expands to one printed rule per combination, which is why the posted output is long); `pfctl -vsr` adds per-rule evaluation and packet counters, so a rule that never matches shows zero; and `tcpdump -n -e -ttt -i pflog0` reads the logged packets with the matching rule number, which is how the `log` keywords above are put to use. When reloading rules over the same SSH session they protect, a scheduled `pfctl -d` (for example `sleep 300 && pfctl -d &` started before the reload) disables pf if the new rules lock you out, and is cancelled once the session is confirmed to still work.