Your auth.rules file should include a pass that allows ssh traffic through your internal interface, such as:
Code:
allowed_tcp_ports="{ ssh, https, rdp }"
pass proto tcp from $user_ip to any port $allowed_tcp_ports
Several notes:
- Position of the anchor in the main ruleset is important. The last matching rule wins.
- Be careful with in, out, and on directives. These restrictions often cause more confusion, and therefore more problems, than they solve. You'll note my example rule doesn't use them.
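The note about anchor position, shown as an added example (not part of the original post): two constructed main-ruleset fragments, one where a later block rule overrides the pass rules loaded into the authpf anchor and one where the anchor is evaluated last. The `block all` default and the ssh login rule are assumptions for illustration.

```conf
# Constructed pf.conf fragments (two alternatives, not one file).
# The default-deny policy and the ssh login rule are assumptions.

# --- Misplaced anchor ---------------------------------------------
# The anchor's rules are evaluated where the anchor line sits.
# An authenticated user's pass rule matches here first ...
anchor "authpf/*"
# ... but this rule also matches and comes later, so it is the last
# matching rule and the user's traffic is still blocked.
block all

# --- Corrected order ----------------------------------------------
# Default deny first.
block all
# Let users reach the gateway's sshd so they can authenticate.
pass proto tcp to self port ssh
# Anchor last: the per-user pass rules are now the last match and win.
# Any later rule that matches the same traffic, or any earlier rule
# marked "quick", would change that outcome.
anchor "authpf/*"
```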