Thread: Just want to make sure my pf is configured properly
View Single Post
  #9   (View Single Post)  
Old 2nd December 2017
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
  
Join Date: May 2008
Location: USA
Posts: 7,983
Default
Your concern is TCP port 51413, which is "open" when you have a ruleset that apparently blocks all incoming traffic. I can think of 3 possible answers:
  1. PF is not enabled, so the ruleset has no effect. This can be checked with the -e option of pfctl(8). It will enable PF if disabled, or tell you that PF is already enabled.
  2. PF is not loaded with this particular ruleset. This can be checked with the -s rules option of pfctl()
  3. Unlikely: the testing system has an established state with the system under test. This can be checked with the -s states option of pfctl().
If none of these guesses are correct, add the log option to your block and pass rules, and inspect pflog(4) traffic with tcpdump(8) while testing with nmap.


Port 51413 is the default TCP port used by Transmission for incoming peers. To function properly, Transmission will need to pass incoming peer traffic.
Reply With Quote