You need to add a rule like this:

pass out on $ext_if proto tcp to port 2401

I highly recommend that you learn how to use tcpdump to understand what is sent over your interfaces (and what isn't).
You can monitor any blocked packets on the pflog0 device.

man tcpdump
man pflog
man pf.conf
less /etc/services

kind regards,
Robert

x x wrote:
When I try to run cvs for src/ports/xenocara it doesn't work, but when I disable PF it works fine. What is the issue? What port do I allow out to install from ports? How can I tighten up my rules?

ext_if = "dc0"
int_if = "lo0"

block all
match in all scrub (no-df random-id)
antispoof quick for { $ext_if, $int_if }

pass in quick on $ext_if proto tcp from 192.168.1.1 port 22
pass quick proto tcp from any to any port ssh \
    flags S/SA keep state \
    (max-src-conn 1, max-src-conn-rate 1/60)
pass out on $ext_if proto tcp from port 22
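
The pflog0 check Robert describes, as an added example that is not part of the original thread: a small shell filter that tallies blocked packets by direction, interface and destination port, so a blocked outbound port such as 2401 stands out. The function names, the sample lines and the assumed tcpdump line layout are constructed for illustration.

```sh
#!/bin/sh
# Added example: count packets pf blocked, per direction/interface/dst port.
# pf copies a packet to pflog0 only if the matching rule has the "log"
# keyword (e.g. "block log all"); a plain "block all" logs nothing.
# Live use, as root:  tcpdump -n -e -ttt -i pflog0 | blocked_ports
# Assumed line layout (tcpdump's pflog text output):
#   ... block <dir> on <if>: <src>.<sport> > <dst>.<dport>: ...

blocked_ports() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i != "block" || $(i + 2) != "on" || $(i + 5) != ">") continue
            dir = $(i + 1)
            ifc = $(i + 3); sub(/:$/, "", ifc)
            dst = $(i + 6); sub(/:$/, "", dst)
            n = split(dst, part, ".")
            # IPv4 addr.port has 5 dot-separated parts, IPv6 addr.port has 2;
            # anything else (for example ICMP) carries no port and is skipped.
            if (n != 5 && !(n == 2 && dst ~ /:/)) break
            count[dir " " ifc " " part[n]]++
            break
        }
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k4,4n
}

# Constructed sample lines (not captured from a real host).
sample_log() {
    cat <<'EOF'
Feb 10 12:00:01.100000 rule 0/(match) block out on dc0: 192.168.1.10.40001 > 192.0.2.10.2401: S 1:1(0) win 16384 (DF)
Feb 10 12:00:04.100000 rule 0/(match) block out on dc0: 192.168.1.10.40001 > 192.0.2.10.2401: S 1:1(0) win 16384 (DF)
Feb 10 12:00:10.100000 rule 0/(match) block out on dc0: 192.168.1.10.40001 > 192.0.2.10.2401: S 1:1(0) win 16384 (DF)
Feb 10 12:00:12.300000 rule 0/(match) block out on dc0: 192.168.1.10.51000 > 192.0.2.53.53: 4242+ A? example.org. (29)
Feb 10 12:00:15.500000 rule 0/(match) block out on dc0: 192.168.1.10 > 192.0.2.1: icmp: echo request
EOF
}

sample_log | blocked_ports
```

Each output line is "count direction interface port"; the port numbers can then be looked up in /etc/services.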