On Thu, Nov 16, 2006 at 08:11:21PM +0200, Andrei Kolu wrote:
> Yes, I understand that SMB is bad, but why does PF block a port that is
> opened with rules?
>
> /etc/pf.conf:
> pass in on rl0 proto udp from any to (rl0) port 137 keep state
>
> # tcpdump -n -e -ttt -i pflog0:
> rule 0/0(match): block in on rl0: 192.168.2.100.137 > 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST

Your rule passes IN packets TO *DESTINATION* port 137.
The packet you are blocking is coming IN, FROM *SOURCE* port 137.

If that isn't clear enough, I can't help you, you need to read a book on
firewalls or TCP/IP.
--
"Cryptography is nothing more than a mathematical framework for discussing
various paranoid delusions." -- Don Alvarez
<URL:http://www.subspacefield.org/~travis/> -><-
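
The mismatch described in the reply can be checked mechanically. The following is an added example, not part of the original messages and not PF code: it parses the pflog line quoted above and compares it field by field with a simplified model of the quoted rule. The `RULE` dictionary, the function names and the protocol guess from the decoded text are assumptions of this sketch; `to (rl0)` and `keep state` are not modelled.

```python
import re

# The pflog line quoted in the thread, joined onto one line.
LOG_LINE = ("rule 0/0(match): block in on rl0: 192.168.2.100.137 > "
            "192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; "
            "RESPONSE; UNICAST")

# Simplified model (assumption) of:
#   pass in on rl0 proto udp from any to (rl0) port 137 keep state
# None means "any". The rule names no source port, only a destination port.
RULE = {"dir": "in", "iface": "rl0", "proto": "udp",
        "src_port": None, "dst_port": 137}

LOG_RE = re.compile(
    r"rule \S+: (?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<rest>.*)")

def parse_pflog(line):
    """Split a tcpdump pflog line into direction, interface and endpoints."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("unrecognised pflog line")
    return {
        "dir": m["dir"], "iface": m["iface"],
        # tcpdump prints no protocol keyword here; infer it from the decode.
        "proto": "udp" if "UDP" in m["rest"] else "other",
        "src": m["src"], "src_port": int(m["sport"]),
        "dst": m["dst"], "dst_port": int(m["dport"]),
    }

def mismatches(rule, pkt):
    """List every rule field the packet fails to satisfy."""
    return [f"{k}: rule wants {want}, packet has {pkt[k]}"
            for k, want in rule.items()
            if want is not None and pkt[k] != want]

def evaluate(rule, line):
    """Return ('pass', []) on a match, else ('no match', reasons)."""
    why = mismatches(rule, parse_pflog(line))
    return ("pass", []) if not why else ("no match", why)

if __name__ == "__main__":
    print(evaluate(RULE, LOG_LINE))
```
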
