raff wrote:
Hello.

I have one rule in my pf.conf, with which I want to allow locally generated
traffic ONLY to 10.0.0.1 and port 22:

block out on $int_if proto {tcp,udp} from $int_ip to ! 10.0.0.1 \
        port != 22

This rule allows connecting only to 10.0.0.1, BUT to any port instead of
only 22.
Am I doing something wrong?


Yep. It blocks connections to every host except 10.0.0.1 on all ports except 22. So it is blocking all but every port on 10.0.0.1 and port 22 on every other host. Look at it as "block ... to ! 10.0.0.1 AND port != 22", not "... OR ...".

You should probably use something like:

block all
pass out proto tcp from any to 10.0.0.1 port ssh

/Alexander
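To make the AND-vs-OR point concrete, here is an added pf.conf fragment (written for this page, not posted by raff or Alexander) that puts the original rule, commented out, next to a default-deny ruleset that does what raff asked for. The macro names $int_if and $int_ip come from raff's rule; the interface name em0 and the address 10.0.0.5 are assumptions, as is the set skip on lo0 line, which simply keeps loopback traffic out of the default deny.

```pf
# Added example, not from either post. Interface name and address are
# assumed; the macro names come from raff's rule.
int_if = "em0"
int_ip = "10.0.0.5"

# Loopback is not what the question is about, so leave it alone (assumption).
set skip on lo0

# What raff's rule actually says. All criteria of a pf rule must match for
# the rule to apply, so the two negations combine with AND: a packet is
# blocked only when dst != 10.0.0.1 AND dst port != 22. Any port on
# 10.0.0.1 and port 22 on every other host are NOT matched, so they pass.
# block out on $int_if proto { tcp, udp } from $int_ip to ! 10.0.0.1 \
#         port != 22

# Default deny, then pass exactly the one flow that is wanted. The
# "keep state" is the default on current pf and only needed on old releases;
# it lets the replies back in without a separate "pass in" rule.
block all
pass out on $int_if proto tcp from $int_ip to 10.0.0.1 port 22 keep state
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and confirm what is active with `pfctl -sr`. If the goal is only to constrain outbound traffic, `block out on $int_if` in place of `block all` keeps inbound rules out of the picture.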
