At 13:38 10/30/2002 -0300, Helio Alexandre Lopes Loureiro wrote:
OK, got it. Then below is an example from the pf.log where requests to the domain service on port 47466 are blocked. Are they illegal then?

[root@goku:root]# tcpdump -i eth0 -n port 53
tcpdump: listening on eth0
13:34:35.922231 146.250.147.127.1030 > 146.250.158.238.53: 46641+ A? helio.loureiro.eng.br. (39) (DF)
13:34:35.929837 146.250.158.238.53 > 146.250.147.127.1030: 46641 2/5/4 CNAME[|domain] (DF)

Here you can see a tcpdump from my Linux laptop (yes, Linux), where I started a "nslookup". My machine, 146.250.147.127, started a connection from port 1030 (any free port above 1024) to the DNS server, 146.250.158.238, port 53.

Oct 29 23:45:23.025300 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 10479* 0/1/0 (85) (DF)
Oct 29 23:45:23.026227 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 42856* 0/1/0 (85) (DF)
Oct 29 23:45:23.027059 rule 30/0(match): block in on xl0: 192.36.125.2.53 > 217.215.7.177.47466: 14942*- 1/3/3 (177)
Oct 29 23:45:23.027377 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 12645* 0/1/0 (81) (DF)
Oct 29 23:45:23.027910 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 33552* 0/1/0 (81) (DF)
Oct 29 23:45:23.202936 rule 30/0(match): block in on xl0: 192.35.51.30.53 > 217.215.7.177.47466: 6201- 0/2/2 (105)
Oct 29 23:45:23.223715 rule 30/0(match): block in on xl0: 128.32.136.12.53 > 217.215.7.177.47466: 37607* 0/1/1 (94)
Oct 29 23:45:23.225328 rule 30/0(match): block in on xl0: 128.32.136.12.53 > 217.215.7.177.47466: 1466* 0/1/1 (94)
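Added example, not code from either poster: a small Python parser for pf.log lines in the tcpdump-style format quoted above, which picks out blocked inbound packets from port 53 to a high client port, i.e. the reply half of the query exchange Helio's tcpdump shows. The first three sample lines are taken from the log above, the fourth is constructed to show a non-DNS block being ignored; the "keep state" remark in the comments is my reading of the thread, not something the posters said.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the first three lines are pf.log entries in the tcpdump-style
# format quoted in the thread; the fourth is made up to show a non-DNS block being skipped.
SAMPLE_PFLOG = """\
Oct 29 23:45:23.025300 rule 30/0(match): block in on xl0: 212.209.91.130.53 > 217.215.7.177.47466: 10479* 0/1/0 (85) (DF)
Oct 29 23:45:23.027059 rule 30/0(match): block in on xl0: 192.36.125.2.53 > 217.215.7.177.47466: 14942*- 1/3/3 (177)
Oct 29 23:45:23.202936 rule 30/0(match): block in on xl0: 192.35.51.30.53 > 217.215.7.177.47466: 6201- 0/2/2 (105)
Oct 29 23:45:24.000000 rule 12/0(match): block in on xl0: 10.0.0.5.4444 > 217.215.7.177.47466: udp 20
"""

# One pflog line: timestamp, "rule N/M(reason):", action, direction, interface,
# then "src.sport > dst.dport:" followed by tcpdump's protocol decode.
PFLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:.]+)\s+rule\s+(?P<rule>\d+)/\d+\(\w+\):\s+"
    r"(?P<action>block|pass)\s+(?P<dir>in|out)\s+on\s+(?P<iface>\w+):\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s*(?P<rest>.*)$"
)

def parse_pflog_line(line: str) -> Optional[dict]:
    """Parse one pf.log line into a dict; None for lines not in this format."""
    m = PFLOG_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    for k in ("rule", "sport", "dport"):
        e[k] = int(e[k])
    return e

def is_blocked_dns_reply(e: dict) -> bool:
    """The return half of a DNS lookup: a packet from port 53 back to the client's
    ephemeral (>1023) port, dropped by an inbound block rule."""
    return e["action"] == "block" and e["dir"] == "in" and e["sport"] == 53 and e["dport"] > 1023

def blocked_dns_replies(pflog_text: str) -> List[dict]:
    parsed = (parse_pflog_line(l) for l in pflog_text.splitlines())
    return [e for e in parsed if e is not None and is_blocked_dns_reply(e)]

def summarize(pflog_text: str) -> Dict[Tuple[str, int], List[str]]:
    """Map each (client, ephemeral port) to the resolvers whose replies were dropped:
    the pattern to expect when the outbound query is passed without keep state."""
    by_client: Dict[Tuple[str, int], List[str]] = {}
    for e in blocked_dns_replies(pflog_text):
        resolvers = by_client.setdefault((e["dst"], e["dport"]), [])
        if e["src"] not in resolvers:
            resolvers.append(e["src"])
    return by_client
```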