If I have a redirect ruleset do I need to allow those ports as well?
I.e., if I have this:
rdr on $ext proto tcp from any to ($ext) port 22 -> 10.0.0.87 port 12345
Do I need this?
pass in on $ext proto tcp from any to ($ext) port 22
hi sporky,
the rdr only alter your incoming connection (pre-routing or before the incoming connection gets forwarded to the real interface) from port 22 to 12345 - not blocking it - so you have to open/allow the incoming session to port 22.
HTH.