Hope everyone is doing well... My question is a little difficult to word, and thus its been impossible for me to find other instances of it by searching this list or google, so hopefully someone can help.
We are running pf on v3.4 and for the most part it has worked perfectly for 6 months (with only 2 hard crashes). However, twice now in the past week we've seen it suddenly stop allowing certain connections through, while others come through just fine. The state table is nowhere near even 35% full, and its always just one port that wont get through. In this case it was ssh that was suddenly not allowed. We have these three rules: pass in log on $ext_if proto tcp from xx.xx.xx.xx/24 to any port 22 keep state pass in log on $ext_if proto tcp from any to any port 25 keep state pass in log on $ext_if proto tcp from any to any port 80 keep state Where xx.xx.xx.xx/24 is our class C at our office. Now the problem we see is that all of a sudden ssh is no longer allowed through. There are no entries in the log about connections actually being blocked, but nothing gets through. From multiple IPs on our C block we can hit SMTP and HTTP, just not SSH. Does anyone have any ideas? Anywhere I can look? Need any more information? Thanks, Lyle Worthington
