On Mon, Jan 19, 2026 at 8:08 PM Crystal Kolipe <[email protected]> wrote:
> On Mon, Jan 19, 2026 at 07:07:36PM +0300, Washington Odhiambo wrote: > > On Mon, Jan 19, 2026 at 6:16???PM Crystal Kolipe < > [email protected]> > > wrote: > > > > > On Mon, Jan 19, 2026 at 06:01:25PM +0300, Washington Odhiambo wrote: > > > > # ----------------------------------- > > > > # Block everything else (default deny) > > > > # Log blocked packets for debugging > > > > # ----------------------------------- > > > > block in log all > > > > block out log all > > > > > > These rules are blocking everything. > > > > > > PF evaluates rules sequentially, but the _last_ matching rule is > > > essentially > > > what counts. > > > > > > You can designate one or more rules as 'quick' to change that > behaviour, > > > but > > > the most logical thing to do in your case would be to remove these > block > > > lines > > > from the end and just have a single block rule at the top of the file: > > > > > > block return > > > > > > Then pass just the traffic you need, both in and out. > > > > > > Alternatively, if you don't want to write specific rules to pass the > > > outbound > > > traffic, you could start with: > > > > > > block return in > > > > > > > Thank you for the explanation. Very easy to understand. > > I did exactly what you advised. It still did not allow me SSH access. > > Now, I added pf=NO /etc/rc.conf.local and rebooted. > > I believe this disabled PF completely. > > This too did not solve the problem. > > The problem is probably not with PF, but something else. > I haven't manipulated anything at all. It's a fresh OpenBSD install. > Are you sure that sshd is running? > Yes. > # ps -A | grep ssh > > ... should show the 'sshd' process. > > If it is running, is it listening on the network interface? > > # netstat -al | grep -F .ssh > > ... should show some output if there is a listening socket. > It's actually running. Your suggested commands show that it is running and listening on all interfaces for IPv4 and IPv6. Unfortunately, I am unable to paste the output of the commands here because the mouse pointer isn't available on the VMs console. But here is an image: https://imgur.com/a/1OnKWNQ -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
