>> I am testing pf in an OpenBSD 4.1. This same configuration works fine on
>> OpenBSD 3.9, but in 4.1 it is not filtering anything, everything is passing
>> thru, just like as if there was no 'block all'.

Is pf enabled? (pfctl -si)
Did your ruleset load ok? (pfctl -sr)

>> What worries me most is that anyone on the outside can see my ssh service.

I do different things on different boxes, but my usual setup these days is something like this:

    PasswordAuthentication no
    Match Address "192.168.*,10.*"
        PasswordAuthentication yes

This allows passwords to work on selected networks and forces keys for the rest of the internet. Allows me to hop from machine to machine on an internal network, access it from anywhere from trusted boxes with keys, and discourages me from typing passwords in from untrusted boxes (reduces risk from keyloggers).
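
Added example, not part of the original message and not OpenSSH code: a simplified Python model of how the sshd_config fragment above resolves PasswordAuthentication for a given client address. The function names are hypothetical, and the model covers only "Match Address" with wildcard or CIDR entries (no '!' negation, no other Match criteria).

```python
import fnmatch
import ipaddress
import shlex

# Constructed sample: the sshd_config fragment from the message above.
SSHD_CONFIG = '''
PasswordAuthentication no
Match Address "192.168.*,10.*"
    PasswordAuthentication yes
'''

def address_matches(addr, pattern_list):
    """True if addr matches any entry of a comma-separated Match Address list.
    Simplified model: wildcard patterns and CIDR only, no '!' negation."""
    for pat in pattern_list.split(","):
        pat = pat.strip()
        if "/" in pat:
            try:
                if ipaddress.ip_address(addr) in ipaddress.ip_network(pat, strict=False):
                    return True
            except ValueError:
                pass  # malformed address or network: treat as no match
        elif fnmatch.fnmatchcase(addr, pat):
            return True  # wildcard is anchored: "10.*" does not match "110.1.2.3"
    return False

def effective_setting(config, keyword, addr):
    """Value of keyword for a client at addr: a matching Match block
    overrides the global section; the first value seen in each wins."""
    global_val = match_val = None
    in_match = applies = False
    for raw in config.splitlines():
        words = shlex.split(raw, comments=True)
        if not words:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "match":
            in_match = True
            applies = (len(args) == 2 and args[0].lower() == "address"
                       and address_matches(addr, args[1]))
        elif key == keyword.lower() and args:
            if not in_match and global_val is None:
                global_val = args[0]
            elif in_match and applies and match_val is None:
                match_val = args[0]
    return match_val if match_val is not None else global_val

if __name__ == "__main__":
    for ip in ("192.168.1.20", "10.4.5.6", "203.0.113.9", "110.1.2.3"):
        print(ip, effective_setting(SSHD_CONFIG, "PasswordAuthentication", ip))
```

On a real host, sshd's extended test mode (sshd -T with a -C connection spec) reports the effective settings from sshd itself.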