Re: OpenBSD 4.1: pf is not blocking anything

To: <misc@...>
Date: Tuesday, May 22, 2007 - 7:24 am

>> I am testing pf in an OpenBSD 4.1. This same configuration works fine on

Is pf enabled? (pfctl -si)
Did your ruleset load ok? (pfctl -sr)

>> What worries me most is that anyone on the outside can see my ssh service.

I do different things on different boxes, but my usual setup these days
is something like this:

PasswordAuthentication no

Match Address "192.168.*,10.*"
    PasswordAuthentication yes

This allows passwords to work on selected networks and forces keys
for the rest of the internet. Allows me to hop from machine to machine
on an internal network, access it from anywhere from trusted boxes
with keys, and discourages me from typing passwords in from untrusted
boxes (reduces risk from keyloggers).
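
The override behaviour of the sshd_config fragment above, as an added example that is not part of the original message: a small Python model of how a global PasswordAuthentication and a Match Address block resolve for a given client address. The function names are hypothetical, and the model assumes only wildcard patterns under Match Address (plus Match all), not CIDR or other criteria.

```python
import re

# Constructed sample: the sshd_config fragment quoted in the message above.
SAMPLE_CONFIG = """
PasswordAuthentication no

Match Address "192.168.*,10.*"
    PasswordAuthentication yes
"""

def _glob(pattern, text):
    """sshd-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, text) is not None

def address_matches(pattern_list, addr):
    """Comma-separated pattern list; a matching '!pattern' vetoes the whole list."""
    hit = False
    for pat in (p.strip() for p in pattern_list.split(",")):
        if pat.startswith("!"):
            if _glob(pat[1:], addr):
                return False
        elif _glob(pat, addr):
            hit = True
    return hit

def effective_setting(config, keyword, addr):
    """Value of `keyword` for a client connecting from `addr`."""
    global_val = match_val = None
    in_match, active = False, True
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, arg = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            in_match = True
            crit = arg.split(None, 1) or [""]
            pats = crit[1].strip('"') if len(crit) > 1 else ""
            active = crit[0].lower() == "all" or (
                crit[0].lower() == "address" and address_matches(pats, addr))
        elif key == keyword.lower() and active:
            if in_match and match_val is None:
                match_val = arg.strip('"')    # first matching Match block wins
            elif not in_match and global_val is None:
                global_val = arg.strip('"')   # first global occurrence wins
    # A value set inside a matching Match block overrides the global section.
    return match_val if match_val is not None else global_val
```

On a live host, `sshd -T -C addr=<client address>` prints the settings sshd itself would apply to a connection from that address.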


Messages in current thread:
OpenBSD 4.1: pf is not blocking anything, Marcos Laufer, (Mon May 21, 2:36 pm)
Re: OpenBSD 4.1: pf is not blocking anything, Peter N. M. Hansteen, (Tue May 22, 7:23 am)
Re: OpenBSD 4.1: pf is not blocking anything, Bohdan Tashchuk, (Tue May 22, 6:58 am)
Re: OpenBSD 4.1: pf is not blocking anything, Stuart Henderson, (Tue May 22, 7:24 am)
Re: OpenBSD 4.1: pf is not blocking anything, Mariusz Makowski, (Mon May 21, 4:35 pm)
Re: OpenBSD 4.1: pf is not blocking anything, Todd Alan Smith, (Mon May 21, 3:09 pm)