pf
View ssh blacklist (addresses blacklistd is currently blocking)
blacklistctl dump -b
Note: blacklistd only blocks if pf.conf loads its anchor with a line such as anchor "blacklistd/*" in on $ext_if; neither ruleset below includes it.
Activate pf and pflog
sysrc pf_enable=yes
sysrc pflog_enable=yes
service pf start
service pflog start
Check /etc/pf.conf with pfctl -nf /etc/pf.conf before starting pf over ssh; a ruleset that does not pass ssh locks you out.
View pflog (the file written by pflogd; use -i pflog0 instead of -r for live output)
tcpdump -n -e -ttt -r /var/log/pflog
Most basic pf.conf
# /etc/pf.conf
ext_if="vtnet0"
# drop everything inbound by default, allow all outbound and track state
block in all
pass out all keep state
# only ssh to the interface's own address is allowed in
pass in on $ext_if proto tcp to ($ext_if) port ssh
Note: with no pass rule for icmp6, block in all also drops IPv6 neighbor discovery, so IPv6 on $ext_if stops working.
Reasonable config for a VPS with jail support
# /etc/pf.conf
ext_if="vtnet0"
wg_if="wg0"
# send RST/ICMP unreachable instead of silently dropping
set block-policy return
scrub in on $ext_if all fragment reassemble
# skips the whole lo interface group, including a lo1 alias used by jails
set skip on lo
# jail addresses are added at runtime with pfctl -t jails -T add
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if:0)
# per-jail port forwards are loaded into sub-anchors with pfctl -a rdr/<name>
rdr-anchor "rdr/*"
block in all
pass out quick keep state
antispoof for $ext_if inet
pass in inet proto tcp from any to any port ssh flags S/SA keep state
pass in inet proto tcp from any to any port 443 flags S/SA keep state
pass in quick inet proto icmp all
pass in on $wg_if from any to any
Notes: nothing here passes inbound WireGuard on $ext_if; if this host is the WireGuard server, add a pass in rule for its UDP listen port (51820 by default). The icmp rule passes every ICMP type, not just echo requests. An rdr rule only rewrites the destination; after translation the packet still has to match a pass rule (or be loaded as rdr pass), so a forward to a jail port other than 443 needs its own pass.
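The table and anchor in the config above are empty until something fills them. The following script is an added example, not code from the original page: it adds a jail's address to the <jails> NAT table and loads its port forwards into a per-jail sub-anchor under "rdr/*". The interface name vtnet0, the jail address 10.0.0.2 and the anchor name rdr/web are hypothetical; adjust them to the host.

```sh
#!/bin/sh
# Added example, not from the original page: publish a jail's services
# through the <jails> table and the "rdr/*" anchor of the pf.conf above.
# Assumptions (hypothetical): external interface vtnet0, jail address
# 10.0.0.2 on a loopback alias, per-jail anchor named rdr/<jailname>.
set -eu

EXT_IF="${EXT_IF:-vtnet0}"

# Render one rdr rule. "rdr pass" passes the translated packet without a
# separate filter rule, so a forwarded port does not need its own pass in.
# Kept separate from the apply step so the rule text can be inspected
# without pf present.
jail_rdr_rule() {
    # $1 jail IP, $2 external port, $3 jail port, $4 protocol (tcp|udp)
    printf 'rdr pass on %s inet proto %s from any to (%s:0) port %s -> %s port %s\n' \
        "$EXT_IF" "$4" "$EXT_IF" "$2" "$1" "$3"
}

# Anchor name for a jail under "rdr/*". One anchor per jail means one
# jail's forwards can be flushed without touching the others.
jail_anchor() {
    printf 'rdr/%s\n' "$1"
}

# Add the jail to the NAT table and load its forwards into its anchor.
# Rules are fed to pfctl on stdin (-f -); nothing is written to disk.
jail_publish() {
    # $1 jail name, $2 jail IP, then specs of the form extport:jailport/proto
    name=$1; ip=$2; shift 2
    pfctl -t jails -T add "$ip"
    for spec in "$@"; do
        ext=${spec%%:*}; rest=${spec#*:}
        jport=${rest%/*}; proto=${rest#*/}
        jail_rdr_rule "$ip" "$ext" "$jport" "$proto"
    done | pfctl -a "$(jail_anchor "$name")" -f -
}

# Reverse of jail_publish: flush the translation rules in the jail's
# anchor, then drop its address from the NAT table.
jail_unpublish() {
    # $1 jail name, $2 jail IP
    pfctl -a "$(jail_anchor "$1")" -F nat
    pfctl -t jails -T delete "$2"
}

# Only touch pf when explicitly asked and pfctl exists (needs root);
# otherwise just print the rule that would be loaded.
if [ "${1:-}" = "apply" ] && command -v pfctl >/dev/null 2>&1; then
    jail_publish web 10.0.0.2 80:80/tcp 443:443/tcp
    pfctl -a "$(jail_anchor web)" -s nat   # show what was loaded
    pfctl -t jails -T show                  # show table contents
else
    jail_rdr_rule 10.0.0.2 80 80 tcp
fi
```

Run it as ./jail-publish.sh apply on the pf host; without the argument it only prints the rendered rule. Because the forwards live in an anchor, pfctl -f /etc/pf.conf reloads the main ruleset without discarding them, and pfctl -a rdr/web -F nat removes exactly one jail's forwards.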