On Thu, Jun 20, 2024 at 08:43:04AM +0100, Stuart Henderson wrote:
> On 2024/06/20 06:08, Mizsei Zoltán wrote:
> > Hi and thanks for your reply.
> >
> > Some extra information:
> > - If I try pkg_add many times, it will eventually do its job without any
> > error. But it needs many tries.
> > Also switching to other mirror using the /etc/installurl helps
> > *sometimes*...
> > I don't have any issue with other networking programs.
> > Your suggestion regarding firewall can still be the culprit, I have set up
> > pf according to this blogpost:
> > https://blog.thechases.com/posts/bsd/aggressive-pf-config-for-ssh-protection/
> > Do you see any obvious errors here?
>
> Yes, I do, one of the rules in the example file that isn't explained
> in the text affects http and https connections and is almost certain
> to be the cause. It should be obvious when you read through the rules.
> (Also the way that "synproxy state" is used is a bit dubious, though
> isn't responsible for this problem).

Copying excessively complicated and over the top example configs without fully understanding what each line does and its potential side-effects is usually a bad idea. There are much simpler and still effective ways to reduce unwanted connection attempts to a running ssh daemon.