Quote:
Originally Posted by jggimi
Your concern is TCP port 51413, which is "open" when you have a ruleset that apparently blocks all incoming traffic. I can think of 3 possible answers:
- PF is not enabled, so the ruleset has no effect. This can be checked with the -e option of pfctl(8). It will enable PF if disabled, or tell you that PF is already enabled.
- PF is not loaded with this particular ruleset. This can be checked with the -s rules option of pfctl()
- Unlikely: the testing system has an established state with the system under test. This can be checked with the -s states option of pfctl().
If none of these guesses are correct, add the log option to your block and pass rules, and inspect pflog(4) traffic with tcpdump(8) while testing with nmap.
Port 51413 is the default TCP port used by Transmission for incoming peers. To function properly, Transmission will need to pass incoming peer traffic.
Code:
# pfctl -e
pf enabled
Code:
# pfctl -s rules
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
Code:
# pfctl -s states
all tcp 172.16.197.126:47111 -> 50.112.201.212:443 FIN_WAIT_2:FIN_WAIT_2
all tcp 172.16.197.126:36590 -> 95.170.82.241:80 FIN_WAIT_2:FIN_WAIT_2
all udp 172.16.197.255:138 <- 172.16.197.171:138 NO_TRAFFIC:SINGLE
all udp 255.255.255.255:5678 <- 150.129.176.114:5678 NO_TRAFFIC:SINGLE
all udp 172.16.197.126:36062 -> 13.126.37.14:123 MULTIPLE:SINGLE
all udp 172.16.197.126:37230 -> 139.59.43.68:123 MULTIPLE:SINGLE
Yes, I know that Transmission will need that port, but I want to be in control, meaning Transmission must not open that port unless I port forward that port.
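As an added example (not from jggimi or the original poster), here is the ruleset printed by `pfctl -s rules` above beside a default-deny rewrite. PF applies the last matching rule, so `pass all` placed after `block return all` overrides it for every direction and leaves 51413 (and everything else except 6000:6010) reachable. The interface name `em0` is an assumption.

```pf
# --- Weak ruleset, as shown by pfctl -s rules above ---
# Last matching rule wins: "pass all" cancels "block return all",
# so the only inbound traffic actually blocked is TCP 6000:6010.
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010

# --- Corrected ruleset: default-deny inbound, stateful outbound ---
set skip on lo0                  # never filter loopback

# Block everything in both directions and log it; pflog(4) then shows
# every dropped probe (e.g. an nmap scan of 51413).
block return log all

# Allow connections this host initiates; the state entry lets replies
# back in, so no inbound pass rule is needed for ordinary client use.
pass out quick inet proto { tcp udp icmp } from self to any keep state

# Transmission's inbound peer port stays closed until this rule is
# enabled on purpose (em0 is an assumed interface name).
# pass in log on em0 inet proto tcp from any to self port 51413 keep state
```

Load it with `pfctl -f /etc/pf.conf` and confirm the order with `pfctl -s rules`; while re-testing with nmap, `tcpdump -n -e -ttt -i pflog0 port 51413` shows the logged blocks.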