Without having seen the complete ruleset it is difficult to diagnose the problem
Please remember that with
pf the last matching rule wins. So it could be that another rule accidentally allows in coming ssh traffic. So I would recommend to use
quick to force immediate execution of the blocking rule(s).
So either
or
Code:
block in quick on tun0 proto tcp from any to any port = 22