Bingo! After changing "return" to "drop" it now shows the expected result (filtered).
current line:
block drop in on ! lo0 proto tcp to port 6000:6010

thanks guys
-dfs

On Sun, Apr 26, 2015 at 12:53 PM, Stuart Henderson <[email protected]> wrote:

> On 2015/04/26 12:48, Danilo Falcão wrote:
> > Closed means the range 6000:6009 isn't filtered when I want only 22 to be
> > open.
>
> That's incorrect.
>
> > *block return in on ! lo0 proto tcp to port 6000:6010*
>
> This rule says:
>
> "Block TCP packets to port 6000-6010 coming in on any interface other than lo0,
> and return an ICMP port unreachable message when anybody tries".
>
> Some people might prefer it without the "port unreachable" message in which case
> they can change "return" to "drop".
>
> By removing the !, you have changed it to blocking 6000-6010 on the
> loopback but permitting them on all other interfaces.
