better
solution for all non-SSH packets to be passed before SSH check, something like
==
pass out quick flags any no state
pass in quick proto ! tcp flags any no state
pass in quick proto tcp from any to any port ! 22 flags any no state
## start sshd on port 22 and instead ##
## pass in quick proto tcp from any to (self) port rdr-to 127.0.0.1 port 22
block in quick proto tcp from ! to (self) port 22 no state
pass flags any no state
==
Is this better?
Thank you all for your answers.
Regards,
Robert Wolf.
ty to tell pf "to
LOCAL-HOST". I have searched with Google but found no relevant articles; maybe I
have not asked correctly.
Thank you very much for any idea.
Regards,
Robert Wolf.
how the "nesting" should be done correctly?
Is the rule "From PolicyIn to PolicyIn-LAN" correct in "PolicyIn" anchor
or should it be in main table as following?
-
anchor "PolicyIn/PolicyIn-LAN" in on vic0 inet from any to any no
state label "From main to PolicyIn-LAN of PolicyIn"
-
Thank you very much for your answers.
Regards,
Robert Wolf