Hello,
</snip>
> This is on a laptop, not a firewall per se. I want to (a) allow incoming ssh
> connections for a small list of addresses, and (b) block other inbound ssh.
> No outbound restrictions at all.
>
> Can’t make it work. /etc/pf.conf:
>
> table <mytable> { 192.168.10.13, 192.168.10.14, 192.168.100.1 }
>
> pass in proto tcp from <mytable> port ssh
> block in proto tcp from any port ssh
> block in log all
>
There are two problems:
1) The order of your rules is not quite right. PF uses a 'last matching rule
wins' strategy.
2) You are missing a rule that creates state for outbound packets, so that
responses from remote peers can be accepted by the firewall.
# general blocks first; with last-match-wins the specific pass below overrides them
block in proto tcp from any to any port ssh
block in log all
# "port ssh" after "to" matches the destination port ("from <mytable> port ssh"
# would only match a source port of 22)
pass in proto tcp from <mytable> to any port ssh
# pass rules keep state by default, so replies to outbound connections are
# accepted by state lookup and never hit "block in log all"
pass out all
hope it helps
regards
sasha
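As an added, complete /etc/pf.conf for the laptop case described in the thread (this is not sasha's or the original poster's file): ssh is allowed only from the listed hosts, every other inbound connection is blocked and logged, and outbound traffic is unrestricted. The addresses are the ones from the original post; the interface name em0 is an assumption. The rules are ordered for PF's last-match-wins evaluation, and the ssh port is given after "to" so that it is tested as the destination port rather than the source port.

```pf
# Added example, not from the original mail. Interface name is an assumption.
ext_if = "em0"

# "const" prevents the table from being changed at runtime with pfctl -T.
table <mytable> const { 192.168.10.13, 192.168.10.14, 192.168.100.1 }

# Don't filter loopback at all.
set skip on lo0

# PF is last-match-wins: the general block comes first and the specific
# pass for the trusted hosts comes last so that it overrides it.
block in log all

# Everything the laptop initiates is allowed. "keep state" is the default
# on pass rules, so replies to these connections are matched by state and
# never reach the "block in log all" rule above.
pass out on $ext_if all

# Destination port must follow "to"; "from <mytable> port ssh" would test
# the source port instead. ($ext_if) expands to the interface's current
# addresses, which suits a laptop that changes networks.
pass in on $ext_if proto tcp from <mytable> to ($ext_if) port ssh
```

Check the file with `pfctl -nf /etc/pf.conf` (parse only, nothing loaded), load it with `pfctl -f /etc/pf.conf`, and read back the rules as PF parsed them with `pfctl -vsr`; that output shows clearly whether "port = ssh" ended up on the source or the destination side. `pfctl -t mytable -T show` lists the loaded table, and `pfctl -ss` shows the state entries that let the outbound replies through.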