RE: Why isn't this port blocked?

2003-03-10 Thread Peter Gorsuch
This was the problem:

Just replace <> with ><.

tcp 3.3.0.10:12002 <- 2.2.20.0:2913 ESTABLISHED:ESTABLISHED
 [498402552 + 63219] [922621281 + 63919]
 age 00:03:52, expires in 23:59:56, 207 pkts, 42135 bytes, rule 43

@43 pass in inet proto tcp from any to any port 5799 <> 5811 keep state


Should have been these:


@32 pass in on fxp1 inet proto tcp from 3.3.0.0/16 to 2.2.0.0/16 port = nameserver keep state
@33 pass in on fxp0 inet proto tcp from 2.2.0.0/16 to 3.3.0.0/16 port = nameserver keep state


Thanks men, learned a lot again.


Pete
Re: Why isn't this port blocked?

2003-03-09 Thread Armin Wolfermann
* Peter Gorsuch [EMAIL PROTECTED] [08.03.2003 00:01]:
> pass in inet proto { tcp, udp } from any to any port 5899 <> 5911 keep state
> pass out inet proto { tcp, udp } from any to any port 5899 <> 5911 keep state
> pass in inet proto { tcp, udp } from any to any port 5799 <> 5811 keep state
> pass out inet proto { tcp, udp } from any to any port 5799 <> 5811 keep state

Just replace <> with ><.
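The difference between the two operators, as an added example that is not part of the thread: a small evaluator for pf.conf(5) port specifications applied to the rules posted above. The rule table, the one-entry services map (nameserver = 42/tcp, as the thread says) and the flow direction (2.2.20.0:2913 to 3.3.0.10:12002, the state shown for rule 43) are constructed from the numbers in the thread.

```python
import ipaddress

# Added example, not code from the thread.  Port specs use the pf.conf(5)
# operators: "lo >< hi" matches ports strictly between lo and hi, while
# "lo <> hi" matches every port EXCEPT those strictly between lo and hi.
UNARY = {"=": lambda p, n: p == n, "!=": lambda p, n: p != n,
         "<": lambda p, n: p < n, "<=": lambda p, n: p <= n,
         ">": lambda p, n: p > n, ">=": lambda p, n: p >= n}

# Minimal stand-in for /etc/services, covering the name used in rules 32/33.
SERVICES = {"nameserver": 42}

def resolve(tok):
    """Service name or numeric port -> int."""
    return SERVICES[tok] if tok in SERVICES else int(tok)

def port_matches(spec, port):
    """True if `port` satisfies the pf port specification string `spec`."""
    tokens = spec.split()
    if len(tokens) == 1:                      # "42", "nameserver" or "lo:hi"
        if ":" in tokens[0]:
            lo, hi = (resolve(t) for t in tokens[0].split(":"))
            return lo <= port <= hi           # ':' is an inclusive range
        return port == resolve(tokens[0])
    if len(tokens) == 2:                      # "= 42", ">= 1024", ...
        return UNARY[tokens[0]](port, resolve(tokens[1]))
    lo, op, hi = resolve(tokens[0]), tokens[1], resolve(tokens[2])
    if op == "><":
        return lo < port < hi
    if op == "<>":
        return not (lo < port < hi)
    raise ValueError(f"unsupported port spec {spec!r}")

def rule_matches(rule, src, dst, dport):
    """Match one pass rule (source net, destination net, port spec) to a flow."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule["from"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["to"])
            and port_matches(rule["port"], dport))

# Rules as posted in the thread, keyed by pf rule number; 43 is the broken one.
RULES = {
    33: {"from": "2.2.0.0/16", "to": "3.3.0.0/16", "port": "= nameserver"},
    43: {"from": "0.0.0.0/0", "to": "0.0.0.0/0", "port": "5799 <> 5811"},
}
FIXED_RULES = {**RULES, 43: {**RULES[43], "port": "5799 >< 5811"}}

def matching_rules(rules, src, dst, dport):
    """Numbers of the rules that would pass the flow (pf: last match wins)."""
    return sorted(n for n, r in rules.items() if rule_matches(r, src, dst, dport))
```

For the flow from the state entry, `matching_rules(RULES, "2.2.20.0", "3.3.0.10", 12002)` returns `[43]`, while the corrected table returns `[]` for port 12002 and `[33]` only for port 42.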



Re: Why isn't this port blocked?

2003-03-07 Thread Daniel Hartmeier
On Fri, Mar 07, 2003 at 05:22:23PM -0500, Peter Gorsuch wrote:

> Connections to port 12002 occur between net2 and net3,
> which should only allow port 42.

Show us the state entry (from pfctl -vvss output) that passes the
connection, then the corresponding rule (pfctl -vvsr, for the rule
number in the state entry).

I don't see which rule would allow the connection, make sure you have pf
enabled (pfctl -si must say 'Enabled') and you've actually loaded the
ruleset (check pfctl -sr output).

Daniel