I tried that, with no success.
Also compiled 5.51 from source with the same result.
I get this:
sendto in send_ip_packet_sd: sendto(4, packet, 60, 0, ya.da.ya.da, 16)
=> No route to host
Offending packet: TCP ya.da.ya.da:59268 > ya.da.ya.da:80 ttl=55
id=27672 iplen=60 seq=3496514045 win=128 <wscale 10,nop,mss
265,timestamp 4294967295 0,sackOK>
I went on to clean up like nobodys business, ie
# pfctl -s rules
pass all no state
pass all user = 0 no state (i know)
Still doesn't work.
Just to be sure I tried disabling pf, and ofcourse that does the trick.
But as I said, thats not an option for me.
Any more suggestions? Is pf configurable on a lower level outside the
ruleset?
Is there a way, good or bad, to relax pf enough to let nmap do its
OS detection?
I am on 4.8.
You can always disable pf (pfctl -d). I'd also expect any sensible
configuration without "scrub" or (implicit) "keep state" to work, but
I
didn't check that.
E.g. you could try
set skip on lo0
pass
block in on ! lo0 proto tcp to port 6000:6010
pass user root no state
pass icmp no state
Joachim
