This is on OpenBSD 4.0 GENERIC. I have the below rule set in my pf.conf and I am having the following problem: I need to be able to log into the firewall with ssh from outside, and nothing should be able to hit the firewall from inside, not even ping.
From outside I can hit the shadow server: ssh, ping, etc.
From outside I can not hit the firewall with anything: ssh, ping, etc.
From inside I can hit the firewall with pings.
From inside I can not hit the firewall with ssh.

xl0 and xl1 are in a bridge together. xl0 faces the rest of the network; xl1 is set up as a transparent firewall for the 192.168.25.0/24 network. xl0 has no IP address; xl1 has an IP of 192.168.25.253/24.

switch1 ip 192.168.25.1
switch2 ip 192.168.25.253

switch1 -> firewall1 -> switch2 ->

ext_if="xl0"
int_if="xl1"

set block-policy drop
set skip on lo0
#set loginterface xl0

block return in on $ext_if from any to any
block drop in on $int_if from any to any

#allow management
#firewall
pass in on $ext_if from any to 192.168.25.253
#switch
pass in on $ext_if from any to 192.168.25.252
pass in on $int_if from 192.168.25.252 to any

#allow shadow
pass in on $ext_if from any to 192.168.25.201
pass in on $int_if from 192.168.25.201 to any

-- 
-Lawrence
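The following pf.conf is an added example written for this thread, not Lawrence's configuration or anything from the OpenBSD project. It assumes that on a bridge pf evaluates a packet addressed to the firewall's own address twice: once "in" on the member interface it arrived on (xl0) and once "in" on the member that owns the address (xl1), so a pass rule on xl0 alone is not enough. It also assumes a single administrator host on the xl0 side, written here as the placeholder macro $mgmt_host with a made-up address. Rule syntax is OpenBSD 4.0 style, where "keep state" must be spelled out.

```pf
# Added example, not the original poster's ruleset.
# Goal: ssh to the firewall from one host on the xl0 side only; nothing
# on the xl1 side may address the firewall itself, not even ping.
ext_if="xl0"
int_if="xl1"
fw_ip="192.168.25.253"
shadow="192.168.25.201"
switch2="192.168.25.252"
mgmt_host="192.168.25.10"      # placeholder: the real admin machine on the xl0 side

set block-policy drop
set skip on lo0

# Default deny inbound on both bridge members. Outbound is left open so
# replies and the firewall's own traffic leave without extra rules.
# "log" here lets tcpdump -i pflog0 show exactly which rule dropped a packet.
block drop in log on $ext_if all
block drop in log on $int_if all

# Management ssh. Assumption: the bridged packet is seen "in on xl0" and then
# "in on xl1", so both members need a pass. "quick" makes these final so the
# "to any" rules further down cannot change the decision.
pass in quick on $ext_if proto tcp from $mgmt_host to $fw_ip port ssh \
    flags S/SA keep state
pass in quick on $int_if proto tcp from $mgmt_host to $fw_ip port ssh \
    flags S/SA keep state

# Nothing from the inside may reach the firewall's address. This sits before
# the per-host "to any" rules so they cannot match traffic aimed at $fw_ip.
block drop in log quick on $int_if from any to $fw_ip

# Shadow server and switch2: reachable from outside, may originate anything.
pass in on $ext_if from any to $shadow keep state
pass in on $int_if from $shadow to any keep state
pass in on $ext_if from any to $switch2 keep state
pass in on $int_if from $switch2 to any keep state
```

Check it with `pfctl -nf /etc/pf.conf` before loading, then `tcpdump -n -e -ttt -i pflog0` while an ssh attempt from $mgmt_host is running will show on which interface (xl0 or xl1) a packet is still being dropped, which is also how to confirm or refute the two-evaluation assumption above. One caveat: because the second pass rule on xl1 matches on source address alone, an inside host that spoofs $mgmt_host's address would also reach sshd; the xl0 rule could instead `tag` the packet and the xl1 rule match `tagged`, binding the second pass to packets that really entered on xl0, but that relies on the tag surviving the bridge hop, which should be verified the same way.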