Hello,

You should generally specify the interface. But regardless, I would add logging
à la:

    block return log all
    ...
    # egress/vio0/whatever
    pass in log on egress proto { tcp, udp } from any to (egress) port 30000
    ...

    pfctl -f /etc/pf.conf

If specifying the interface doesn't fix it, you can then run:

    tcpdump -ttt -vvv -nei pflog0

Then watch the terminal while you try to connect to your server; you can see if
the connection is being passed to determine if the issue is pf(4) or something
else.

On June 7, 2026 1:56:23 a.m. UTC, Christopher Turkel
<[email protected]> wrote:
>I did pfctl -f /etc/pf.conf again to be sure, no luck.
>
>Here is the output of pfctl -s rules:
>block return all
>pass all flags S/SA
>block return in on ! lo0 proto tcp from any to any port 6000:6010
>block return out log proto tcp all user = 55
>block return out log proto udp all user = 55
>block return all
>pass all flags S/SA
>block return in on ! lo0 proto tcp from any to any port 6000:6010
>block return out log proto tcp all user = 55
>block return out log proto udp all user = 55
>pass in proto tcp from any to any port = 30000 flags S/SA
>
>On Sat, Jun 6, 2026 at 9:40 PM Polarian <[email protected]> wrote:
>
>> Hey,
>>
>> > set skip on lo
>> >
>> > block return # block stateless traffic
>> > pass # establish keep-state
>> >
>> > # By default, do not permit remote connections to X11
>> > block return in on ! lo0 proto tcp to port 6000:6010
>> >
>> > # Port build user does not need network
>> > block return out log proto {tcp udp} user _pbuild
>> >
>> > # GNU nano 8.7.1 /etc/pf.conf
>> >
>> > # See pf.conf(5) and /etc/examples/pf.conf
>> >
>> > set skip on lo
>> >
>> > block return # block stateless traffic
>> > pass # establish keep-state
>> >
>> > # By default, do not permit remote connections to X11
>> > block return in on ! lo0 proto tcp to port 6000:6010
>> >
>> > # Port build user does not need network
>> > block return out log proto {tcp udp} user _pbuild
>> >
>> > pass in proto tcp to any port 30000
>>
>> Why are there duplicate rules? This is so confusing.
>>
>> Also, it's helpful to attach the output of:
>>
>> pfctl -s rules
>>
>> This outputs the expanded and full pf rules loaded, and when your config
>> above is such a mess, this would be far easier to see what's going on.
>>
>> Also, it goes without saying, but ensure you pfctl -f /etc/pf.conf when
>> you update pf.conf; you would be surprised how many times you forget to do
>> this and can't figure out why it just doesn't work, yet another reason
>> pfctl -s rules is so useful.
>>
>> Thanks,
>> --
>> Polarian
>> Jabber/XMPP: [email protected]
>>
>>
achaean
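
An added example, not part of the original messages: a small sh/awk audit of `pfctl -s rules` output that flags rules loaded more than once and rules without the `log` option, since packets decided by a rule without `log` are not copied to pflog0. The function names are made up for this example, and the sample ruleset is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: audit expanded pf rules for duplicates and missing "log".

# Ruleset exactly as quoted in the thread (output of pfctl -s rules).
sample_rules() {
cat <<'EOF'
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in proto tcp from any to any port = 30000 flags S/SA
EOF
}

# Reads expanded rules on stdin and prints, in first-seen order:
#   DUP <n> <rule>   the rule is loaded n times (n > 1)
#   NOLOG <rule>     the rule has no "log" option
pf_rule_audit() {
    awk '
        NF == 0 { next }                      # skip blank lines
        {
            if (!($0 in count)) order[++n] = $0
            count[$0]++
        }
        END {
            for (i = 1; i <= n; i++) {
                r = order[i]
                if (count[r] > 1) printf "DUP %d %s\n", count[r], r
                # "log" as a whole word; also covers "log (all)" etc.
                if (index(" " r " ", " log ") == 0) printf "NOLOG %s\n", r
            }
        }
    '
}

# Demo on the sample; on a live system: pfctl -s rules | pf_rule_audit
sample_rules | pf_rule_audit
```

On the quoted ruleset, every rule except the port 30000 pass is reported as loaded twice, and the port 30000 pass rule is reported as NOLOG, which is why connections it passes would not show up on pflog0 until `log` is added.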