I have recently
began learning about ipfilter. And from what I've read
everywhere, ipfilter reads through all rules that apply for a certain
packet and then uses either the last rule that applies or the first quick rule
that applies. However, my packets do not seem to be following this
scheme.
# Rules
#
# Inbound
Traffic
block in log on vr0
from any to any head 200
pass in quick proto
tcp from any to any port = ssh flags S/SA keep state group
200
block
return-icmp(net-unr) in log proto udp all group 200
While everything
that I've read and heard says that the ssh rule should apply when I try to
tunnel into my system, both of the block rules execute
instead.
*Note there are
other rules, but these are the only two that conflict with the ssh
rule.
Thanks for any
advice!
-Brad
