> I'm sure you've noticed the script-kiddie attacks trying to guess the root
> password (among other users).

No, actually I haven't. And you shouldn't either if your config file is set
up correctly.

> Now I don't know if this is a problem with my rules

Yes.

> ATTACHMENT part 2 application/octet-stream name=pf.conf.20041015

I took a look and I can say that you should redesign the whole thing. The
common and effective strategy is to take a block (in ext_if) by default
stance. Then, still common, because it makes things simple, you allow all
traffic out and keep state on it.

This rule is allowing your box to be attacked:

    pass in log on $ext_if proto tcp from any to <protected> port $tcp_in keep state

where port 22 is included in $tcp_in. Why are you allowing hosts to connect
to your box from the internet? Do *you* need to do this? Very bad idea. If
you must, then at least make it so sshd will not allow root to connect
directly (see /etc/ssh/sshd_config and look at the PermitRootLogin
parameter). You may also want to be less open by not using the "any"
keyword.

I have a couple of tutorials on pf if you're interested. Email me privately.

~~ pm
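The redesign pm describes, written out as a small pf.conf. This is an added illustration, not the original pf.conf.20041015 attachment or pm's tutorial; the interface name, the admin network, the table member and the ports in $tcp_in are assumed placeholders.

```pf
# Added example ruleset; all addresses and the interface name are assumed.
ext_if    = "fxp0"
admin_net = "192.0.2.0/24"           # assumed: the only network allowed to reach sshd
tcp_in    = "{ 25, 80 }"             # services meant to be public; port 22 is NOT here
table <protected> { 198.51.100.10 }  # assumed: the host(s) this firewall protects

set skip on lo0

# Default stance: block (and log) everything on the external interface.
block log on $ext_if

# Keep things simple: let everything out and keep state so replies return.
pass out on $ext_if keep state

# Weak rule from the original config, kept here commented out for contrast:
# with 22 inside $tcp_in, any host on the internet can reach sshd.
# tcp_in = "{ 22, 25, 80 }"
# pass in log on $ext_if proto tcp from any to <protected> port $tcp_in keep state

# Public services remain reachable, but only on the ports listed in $tcp_in.
pass in log on $ext_if proto tcp from any to <protected> port $tcp_in keep state

# ssh is admitted only from the administrative network, not from "any".
pass in log on $ext_if proto tcp from $admin_net to <protected> port 22 keep state
```

Pair this with `PermitRootLogin no` in /etc/ssh/sshd_config, as the reply suggests, so that even a connection from an allowed network cannot log in as root directly.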
