RE: Why isn't this port blocked?
This was the problem:

>>Just replace <> with ><.

tcp 3.3.0.10:12002 <- 2.2.20.0:2913       ESTABLISHED:ESTABLISHED
   [498402552 + 63219] [922621281 + 63919]
   age 00:03:52, expires in 23:59:56, 207 pkts, 42135 bytes, rule 43

@43 pass in inet proto tcp from any to any port 5799 <> 5811 keep state

Should have been these:

@32 pass in on fxp1 inet proto tcp from 3.3.0.0/16 to 2.2.0.0/16 port = nameserver keep state
@33 pass in on fxp0 inet proto tcp from 2.2.0.0/16 to 3.3.0.0/16 port = nameserver keep state

Thanks men, learned a lot again.

Pete
Re: Why isn't this port blocked?
* Peter Gorsuch <[EMAIL PROTECTED]> [08.03.2003 00:01]:
> pass in inet proto { tcp, udp } from any to any port 5899 <> 5911 keep state
> pass out inet proto { tcp, udp } from any to any port 5899 <> 5911 keep state
> pass in inet proto { tcp, udp } from any to any port 5799 <> 5811 keep state
> pass out inet proto { tcp, udp } from any to any port 5799 <> 5811 keep state

Just replace <> with ><.
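To see why the state above ends up on rule 43, here is a small Python evaluator of pf's port operators run over the rules quoted in this thread. It is an added illustration, not code from the thread or from pf: the operator semantics follow pf.conf(5) ("><" is the range exclusive of its boundaries, "<>" is "except range"), while the ruleset text and the one-entry service table are constructed here, and only the port clause of each rule is evaluated, not interfaces or addresses.

```python
import re

# One-entry /etc/services table, constructed for this example; pf resolves
# the "nameserver" in "port = nameserver" to TCP port 42 through that file.
SERVICES = {"nameserver": 42}

def _portnum(token):
    return int(token) if token.isdigit() else SERVICES[token]

def port_matches(port, spec):
    """Evaluate a pf.conf(5) port spec ('5799 <> 5811', '= nameserver',
    '1024:2048', ...) with pf's semantics: '><' is the range exclusive of
    its boundaries, '<>' is "except range", ':' is the inclusive range."""
    spec = spec.strip()
    m = re.fullmatch(r"([\w-]+)\s*(><|<>|:)\s*([\w-]+)", spec)
    if m:
        lo, op, hi = _portnum(m.group(1)), m.group(2), _portnum(m.group(3))
        if op == "><":
            return lo < port < hi
        if op == "<>":
            return port < lo or port > hi      # everything outside lo..hi
        return lo <= port <= hi
    m = re.fullmatch(r"(=|!=|<=|>=|<|>)?\s*([\w-]+)", spec)
    if not m:
        raise ValueError(f"unsupported port spec: {spec!r}")
    op, val = m.group(1) or "=", _portnum(m.group(2))
    return {"=": port == val, "!=": port != val, "<": port < val,
            ">": port > val, "<=": port <= val, ">=": port >= val}[op]

# pfctl -sr style rules reconstructed from the thread (the offending @43 and
# the two intended nameserver rules); no 'quick', so in pf the last match wins.
RULESET = """\
@32 pass in on fxp1 inet proto tcp from 3.3.0.0/16 to 2.2.0.0/16 port = nameserver keep state
@33 pass in on fxp0 inet proto tcp from 2.2.0.0/16 to 3.3.0.0/16 port = nameserver keep state
@43 pass in inet proto tcp from any to any port 5799 <> 5811 keep state
"""
FIXED_RULESET = RULESET.replace("<>", "><")   # the fix from the thread

RULE_RE = re.compile(r"^@(\d+)\s+pass\s+(?:in|out)\b.*\bport\s+(.+?)\s+keep state")

def rules_admitting(dst_port, ruleset):
    """Numbers of the rules whose destination-port spec admits dst_port.
    Interface and address matching are deliberately left out."""
    hits = []
    for line in ruleset.splitlines():
        m = RULE_RE.match(line)
        if m and port_matches(dst_port, m.group(2)):
            hits.append(int(m.group(1)))
    return hits
```

With the original ruleset, destination port 12002 (the state in this thread) is admitted by rule 43 alone, because "5799 <> 5811" matches any port below 5799 or above 5811; after the fix it is admitted by none.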
Re: Why isn't this port blocked?
On Fri, Mar 07, 2003 at 05:22:23PM -0500, Peter Gorsuch wrote:
> Connections to port 12002 occur between net2 and net3,
> which should only allow port 42.

Show us the state entry (from pfctl -vvss output) that passes the connection, then the corresponding rule (pfctl -vvsr, for the rule number in the state entry). I don't see which rule would allow the connection; make sure you have pf enabled (pfctl -si must say 'Enabled') and you've actually loaded the ruleset (check pfctl -sr output).

Daniel