Re: pf starts blocking all traffic after a short while

From: Pete French <petefrench_at_ingresso.co.uk>
Date: Fri, 4 Jun 2021 19:51:27 +0100
On 04/06/2021 18:03, Doug Hardie wrote:

> What IP address is the client you SSH from using?  I get the impression that it is not one of the private IP addresses listed in the rules.  If that is the case, there is no rule for incoming SSH from public IPs.  Hence, the default block all will apply.  I suspect you need another rule like "pass in quick port 22 all keep state".  I understand "keep state" is the default and doesn't need to be included on each rule.

Client IP address is 2001:470:6cc4:1:cd6:5836:ddba:7b54 so it should be 
caught by this rule:

pass in inet6 from 2001:470:6cc4::/48 to any flags S/SA keep state

Indeed ssh works fine for the first five minutes or so after the machine 
boots, but then it just stops passing packest (of both IPv4 and IPv6).

Am wondering if this is something to do with the AWS firewall maybe ? I 
cant tell *where* the packets are being stopped. Anyone else using AWS ?

-pete.
Received on Fri Jun 04 2021 - 18:51:27 UTC

Original text of this message