On 2015/04/26 12:48, Danilo Falcão wrote:
> Closed means the range 6000:6009 isn't filtered when I want only 22 to be
> open.

That's incorrect.

> > > *block return in on ! lo0 proto tcp to port 6000:6010*

This rule says:

"Block TCP packets to port 6000-6010 coming in on any interface other than lo0,
and return an ICMP port unreachable message when anybody tries".

Some people might prefer it without the "port unreachable" message in which case
they can change "return" to "drop".

By removing the !, you have changed it to blocking 6000-6010 on the
loopback but permitting them on all other interfaces.

