I did pfctl -f /etc/pf.conf again to be sure, no luck. Here is the output of pfctl -s rules:

block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in proto tcp from any to any port = 30000 flags S/SA

On Sat, Jun 6, 2026 at 9:40 PM Polarian <[email protected]> wrote:
> Hey,
>
> > set skip on lo
> >
> > block return # block stateless traffic
> > pass # establish keep-state
> >
> > # By default, do not permit remote connections to X11
> > block return in on ! lo0 proto tcp to port 6000:6010
> >
> > # Port build user does not need network
> > block return out log proto {tcp udp} user _pbuild
> >
> > # GNU nano 8.7.1 /etc/pf.conf
> >
> > # See pf.conf(5) and /etc/examples/pf.conf
> >
> > set skip on lo
> >
> > block return # block stateless traffic
> > pass # establish keep-state
> >
> > # By default, do not permit remote connections to X11
> > block return in on ! lo0 proto tcp to port 6000:6010
> >
> > # Port build user does not need network
> > block return out log proto {tcp udp} user _pbuild
> >
> > pass in proto tcp to any port 30000
>
> Why are there duplicate rules, this is so confusing.
>
> Also it's also helpful to attach the output of:
>
> pfctl -s rules
>
> This outputs the expanded and full pf rules loaded, and when your config
> above is such a mess, this would be far easier to see what's going on.
>
> Also it goes without saying, but ensure you pfctl -f /etc/pf.conf when
> you update pf.conf, would be surprised how many times you forget to do
> this and can't figure out why it just doesn't work, yet another reason
> pfctl -s rules is so useful.
>
> Thanks,
> --
> Polarian
> Jabber/XMPP: [email protected]
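
Added example (not part of the original thread and not the posters' code): a simplified model of pf's last-matching-rule evaluation, run over the `pfctl -s rules` output posted above for a new inbound TCP connection. The interface name `em0` and the packet fields are assumptions, and only the rule forms present in that output are parsed.

```python
import re

# Output of `pfctl -s rules` exactly as posted in the message above.
RULES = """\
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in proto tcp from any to any port = 30000 flags S/SA
""".splitlines()

# Constructed packet: initial SYN arriving on a non-loopback interface (assumed em0).
SYN_30000 = {"dir": "in", "iface": "em0", "proto": "tcp", "dport": 30000}

def parse(line):
    """Parse only the rule forms that occur in the output above."""
    def grab(pattern):
        m = re.search(pattern, line)
        return m.groups() if m else (None, None)
    lo, hi = grab(r"port (?:= )?(\d+)(?::(\d+))?")
    uid = grab(r"user = (\d+)()")[0]
    return {"action": line.split()[0],              # "block" or "pass"
            "dir": grab(r"\b(in|out)\b()")[0],
            "not_if": grab(r"on ! (\S+)()")[0],     # "on ! lo0": any interface but lo0
            "proto": grab(r"proto (\S+)()")[0],
            "ports": (int(lo), int(hi or lo)) if lo else None,
            "uid": int(uid) if uid else None}

def matches(r, pkt):
    return ((r["dir"] is None or r["dir"] == pkt["dir"])
            and (r["not_if"] is None or r["not_if"] != pkt["iface"])
            and (r["proto"] is None or r["proto"] == pkt["proto"])
            and (r["ports"] is None or r["ports"][0] <= pkt["dport"] <= r["ports"][1])
            and (r["uid"] is None or r["uid"] == pkt.get("uid")))

def decide(lines, pkt):
    """Return (1-based rule number, action) of the last matching rule."""
    verdict = (0, "pass")                  # pf passes a packet that matches no rule
    for n, line in enumerate(lines, 1):
        r = parse(line)
        if matches(r, pkt):
            verdict = (n, r["action"])     # no rule here uses `quick`, so keep going
    return verdict

def duplicates(lines):
    """Rules that are loaded more than once, in first-seen order."""
    return [l for i, l in enumerate(lines) if l in lines[:i]]
```

For the ruleset as posted, `decide(RULES, SYN_30000)` returns rule 11 with `pass`, and rule 7 (`pass all`) gives the same verdict when the last rule is removed.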

