Hello,

I am using OpenBSD 4.0 with pf. On my machine I run some services including ssh. Since I want access to my machine from outside I opened the ssh port and created a rule that allows outgoing traffic:

pass in on $ext_if proto tcp to ($ext_if) port 22
pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state

So far, from two of my PCs outside the network I can connect to the ssh service, but from exactly one PC it does not work because I get no response back from the ssh server. If I add 'keep state' to the pass in rule it works. Why do I need 'keep state' although the pass out rule already defines 'modulate state'? As I mentioned above: it works for all of my PCs outside except for one.

cheers,
Gerald
