
I need to block one incoming port with pf. I'm new to pf, and I can't figure out what I'm doing wrong here.

Here is my entire rule file, made to block incoming port 22:

    set block-policy drop
    pass in all keep state
    pass out all keep state
    block in proto tcp to port 22

After I start pf with sudo /sbin/pfctl -e -f /path/to/my/rule/file, all my network traffic is blocked. I try to load a webpage, and it won't load until I do sudo /sbin/pfctl -d to disable pf.

If I remove the fourth line (block in proto tcp to port 22) from my rule list, nothing is blocked. So what did I do wrong on the fourth line that is causing it to block everything instead of just incoming TCP port 22? All the examples did this similarly.

If it matters, my OS is OS X 10.8.5.

1 Answer

    block all
    pass in on fxp0 proto tcp from any to any port 22 flags S/SA
    pass out on fxp0 proto tcp from any to any port 22 flags S/SA

Please note that you have to change fxp0 to the name of your Ethernet interface on your operating system.

Reverse of above:

    pass in on fxp0 proto tcp from any to any port < 22 flags S/SA
    pass out on fxp0 proto tcp from any to any port < 22 flags S/SA
    pass in on fxp0 proto tcp from any to any port > 22 flags S/SA
    pass out on fxp0 proto tcp from any to any port > 22 flags S/SA
    block in on fxp0 proto tcp from any to any port 22
    block out on fxp0 proto tcp from any to any port 22
  • This will block everything except port 22, though. I need to allow everything except port 22. Commented Sep 27, 2014 at 4:28
  • Thanks, it works. I actually did something a little different but equivalent: pass in all then block port 22 the way you did it. Commented Sep 27, 2014 at 9:52
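The "pass everything, then block port 22" ruleset the asker settled on, written out as an added example (not code from the question or the answer), with the dry-run syntax check before loading. pf applies the last matching rule, so the block rule goes after "pass in all"; adding "quick" makes it win regardless of ordering. The file path and the ordering helper are constructed for this example.

```shell
#!/bin/sh
# Added example: allow all traffic, drop only inbound TCP port 22 with pf.
# pf evaluates rules top to bottom and the LAST match decides, unless a rule
# carries "quick", which ends evaluation at that rule. One rule per line.

# Write the ruleset to the file named in $1 (constructed example content).
write_ruleset() {
    cat > "$1" <<'EOF'
# Constructed example ruleset: allow everything, deny inbound SSH.
set block-policy drop
set skip on lo0
pass out all keep state
pass in all keep state
block in quick proto tcp from any to any port 22
EOF
}

# Parse the ruleset without loading it (pfctl -n = syntax check only).
# Returns pfctl's exit status, or 2 when pfctl is not installed here.
check_ruleset() {
    command -v pfctl >/dev/null 2>&1 || return 2
    pfctl -nf "$1"
}

# Load the ruleset and enable pf; afterwards "pfctl -sr" lists the loaded
# rules and "pfctl -vsr" shows per-rule packet counters for troubleshooting.
load_ruleset() {
    pfctl -f "$1" && pfctl -e
}

# Ordering check (pure shell): is the port-22 block rule the last rule in
# the file, i.e. the one that wins under last-match semantics?
block_rule_is_last() {
    last=$(grep -v '^#' "$1" | grep -v '^[[:space:]]*$' | tail -n 1)
    case "$last" in
        block*"port 22"*) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `check_ruleset /path/to/file` before `load_ruleset`; if pf is already running, `pfctl -f` replaces the rules in place without disabling it.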
