2nd December 2017
bsd007
Always learning
Join Date: Sep 2014
Posts: 219

Originally Posted by jggimi
Your concern is TCP port 51413, which is "open" when you have a ruleset that apparently blocks all incoming traffic. I can think of 3 possible answers:
  1. PF is not enabled, so the ruleset has no effect. This can be checked with the -e option of pfctl(8). It will enable PF if disabled, or tell you that PF is already enabled.
  2. PF is not loaded with this particular ruleset. This can be checked with the -s rules option of pfctl().
  3. Unlikely: the testing system has an established state with the system under test. This can be checked with the -s states option of pfctl().
If none of these guesses are correct, add the log option to your block and pass rules, and inspect pflog(4) traffic with tcpdump(8) while testing with nmap.

Port 51413 is the default TCP port used by Transmission for incoming peers. To function properly, Transmission will need to pass incoming peer traffic.
# pfctl -e
pf enabled
# pfctl -s rules
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
# pfctl -s states
all tcp ->       FIN_WAIT_2:FIN_WAIT_2
all tcp ->       FIN_WAIT_2:FIN_WAIT_2
all udp <-       NO_TRAFFIC:SINGLE
all udp <-       NO_TRAFFIC:SINGLE
all udp ->       MULTIPLE:SINGLE
all udp ->       MULTIPLE:SINGLE
Yes, I know that Transmission will need that port, but I want to be in control, meaning Transmission must not open that port unless I port-forward that port.
OpenBSD 6.4
Intel(R) Core(TM) i3-6100 CPU
Ram 4GB
Intel HD Graphics
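The ruleset shown by `pfctl -s rules` above explains the nmap result without any of jggimi's three guesses being true: PF evaluates rules top to bottom and the last matching rule wins (unless a matching rule carries `quick`), so `pass all flags S/SA` after `block return all` passes every unsolicited inbound connection, including TCP 51413, and only the X11 ports 6000-6010 are actually blocked. This is the behaviour of OpenBSD's shipped /etc/pf.conf, not of a ruleset that blocks all incoming traffic. The script below is an added example, not code from the post or from the PF project: it runs the same last-match logic over a ruleset in `pfctl -s rules` or pf.conf form and reports what happens to an inbound TCP SYN on a port no rule names. The posted ruleset is embedded as constructed sample input, and the "hardened" ruleset is my own illustration of the block-by-default policy bsd007 asked for; the evaluator is deliberately simplified (it ignores interface qualifiers other than `on lo0`, and treats only rules without a `port` clause as defaults).

```shell
#!/bin/sh
# Added example (not from the forum post). Decide what a PF ruleset does with
# an unsolicited inbound TCP SYN to a port that no rule names (51413 in the
# thread). PF semantics implemented here: rules are walked top to bottom, the
# LAST matching rule wins, a matching `quick` rule ends evaluation at once,
# and a packet matched by no rule is passed.
# Simplifications: interface qualifiers other than `on lo0` are ignored, and
# only rules without a `port` clause are treated as defaults.
pf_inbound_default() {
    printf '%s\n' "$1" | awk '
        $1 == "pass" || $1 == "block" {
            if ($0 ~ / port /)                  next   # port-specific rule, not a default
            if ($0 ~ / proto (udp|icmp|icmp6)/) next   # does not apply to TCP
            if ($0 ~ / out /)                   next   # outbound only
            if ($0 ~ / on lo0( |$)/)            next   # loopback only
            verdict = $1                               # later matches override earlier ones
            if ($0 ~ / quick /) exit                   # quick: first match is final
        }
        END { print (verdict == "" ? "pass" : verdict) }'
}

# Constructed sample: the ruleset from the post, as printed by `pfctl -s rules`.
POSTED_RULES='block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010'

# Constructed sample (my assumption, not from the post): block inbound by
# default, allow outbound, and keep the Transmission rule commented out until
# the port is meant to be reachable. Adding that port-specific pass later does
# not change the default for every other port.
HARDENED_RULES='set skip on lo0
block return all
pass out quick
# pass in quick on egress proto tcp to port 51413'

report() {
    printf '%s: unsolicited inbound TCP -> %s\n' "$1" "$(pf_inbound_default "$2")"
}

report "posted ruleset" "$POSTED_RULES"      # -> pass  (why nmap sees 51413 open)
report "hardened ruleset" "$HARDENED_RULES"  # -> block
```

Run it on a live system with `pf_inbound_default "$(pfctl -s rules)"`; a result of `pass` means the catch-all is nullifying the block, regardless of what `pfctl -e` reports, which is the situation in this thread.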