2nd December 2017
bsd007 (Always learning)
Join Date: Sep 2014
Posts: 242

Quote:
Originally Posted by jggimi
Your concern is TCP port 51413, which is "open" when you have a ruleset that apparently blocks all incoming traffic. I can think of 3 possible answers:
  1. PF is not enabled, so the ruleset has no effect. This can be checked with the -e option of pfctl(8). It will enable PF if disabled, or tell you that PF is already enabled.
  2. PF is not loaded with this particular ruleset. This can be checked with the -s rules option of pfctl()
  3. Unlikely: the testing system has an established state with the system under test. This can be checked with the -s states option of pfctl().
If none of these guesses are correct, add the log option to your block and pass rules, and inspect pflog(4) traffic with tcpdump(8) while testing with nmap.


Port 51413 is the default TCP port used by Transmission for incoming peers. To function properly, Transmission will need to pass incoming peer traffic.
Code:
# pfctl -e
pf enabled
Code:
# pfctl -s rules
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
Code:
# pfctl -s states
all tcp 172.16.197.126:47111 -> 50.112.201.212:443       FIN_WAIT_2:FIN_WAIT_2
all tcp 172.16.197.126:36590 -> 95.170.82.241:80       FIN_WAIT_2:FIN_WAIT_2
all udp 172.16.197.255:138 <- 172.16.197.171:138       NO_TRAFFIC:SINGLE
all udp 255.255.255.255:5678 <- 150.129.176.114:5678       NO_TRAFFIC:SINGLE
all udp 172.16.197.126:36062 -> 13.126.37.14:123       MULTIPLE:SINGLE
all udp 172.16.197.126:37230 -> 139.59.43.68:123       MULTIPLE:SINGLE
Yes, I know that Transmission will need that port, but I want to be in control, meaning Transmission must not open that port unless I port-forward it.
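The ruleset printed above explains the nmap result on its own: PF evaluates rules top to bottom and the last matching rule wins unless a rule carries "quick", so "pass all flags S/SA" overrides the earlier "block return all" and every inbound TCP connection, including one to 51413, is accepted. The following /etc/pf.conf is an added example (it is not from jggimi's or bsd007's posts) that does what the original poster asks for: block unsolicited inbound traffic by default, keep the blocked packets visible in pflog, and open the Transmission port only when that line is deliberately enabled. The interface name em0 is an assumption; replace it with the real external interface.

```conf
# Added example ruleset, not the one posted in the thread.
# Assumption: em0 is the external interface on this host.
ext_if = "em0"
transmission_port = "51413"

set skip on lo0

# Weak ruleset as shown by "pfctl -s rules" in the thread.  The later
# "pass all" rule is the last match for every packet, so nothing is blocked:
#   block return all
#   pass all flags S/SA

# Default deny in both directions; "log" sends each blocked packet to pflog0
# so a scan like the nmap test can be watched with tcpdump.
block return log all

# Allow this host to initiate connections.  Replies come back through the
# state table, so no matching "pass in" rule is needed for them.
pass out quick on $ext_if

# Incoming peers for Transmission.  Leave this line commented out until you
# decide to accept inbound peers; while it is commented out, TCP 51413 is
# closed from outside even though transmissiond is listening on it.
# pass in log on $ext_if proto tcp to ($ext_if) port $transmission_port

# Check and load the ruleset, then watch what PF logs during a scan:
#   pfctl -nf /etc/pf.conf        (parse only, no changes made)
#   pfctl -f /etc/pf.conf         (load the ruleset)
#   pfctl -s rules                (confirm "block return log all" comes first
#                                  and no unconditional "pass all" follows it)
#   tcpdump -n -e -ttt -i pflog0  (blocked and logged packets in real time)
```

Because the only "pass in" rule is scoped to one interface, one protocol and one port, enabling the Transmission line opens exactly that port and nothing else; the "-s states" check from jggimi's reply still applies, since an already established state continues to pass traffic until it expires or is flushed.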