Hopefully someone can give me some insight here... Here is a very brief background:

I have a vanilla OpenBSD 3.1 bridging firewall setup with three interfaces. The two bridge interfaces do not have an IP address but the third does. There is a machine behind my bridge that I selectively allow SSH access via the bridge's PF rules.

Here is what happened today: My supervisor sent me e-mail saying that she cannot ssh to the internal SSH machine from her home. I see that her IP address has changed so I adjust the pf rules accordingly and reload them. However, based on the SSH logs, I see that she's been connecting with the changed IP address since September 1st! The changed IP address was not referenced anywhere in my pf.conf file until after I made my changes today. I quickly tried to ssh to that machine from a different IP address as a test and it is properly blocked.

Something doesn't seem right. Does anyone have an idea what happened? I am willing to test this out further with some guidance although I don't know if I can repeat this (since in my test, I was properly blocked from connecting).

Andy
