Quote:
Originally Posted by jggimi
No, it does not. In PF, the last matching rule wins.
The only incoming traffic that is blocked is remote X Terminal traffic (TCP ports 6000-6010), as this is a block that follows your completely wide open pass rule.
The prior block return rule will never be applied, as it will never be the last matching rule.
Please give me a secure configuration which basically drops all incoming and allows outgoing.
Code:
# $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
set skip on lo
## block return # block stateless traffic
## pass # establish keep-state
block in all
pass out all keep state
# By default, do not permit remote connections to X11
## block return in on ! lo0 proto tcp to port 6000:6010
I tried the above, then reloaded PF, but when I launch Transmission and run an nmap scan it still shows the port:
Code:
PORT STATE SERVICE
51413/tcp open unknown
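As an added example (not the poster's configuration and not from the OpenBSD examples), here is a default-deny inbound / allow-outbound pf.conf in the same style as the one above. The interface name em0 and the sample address 192.0.2.10 in the commented-out rule are assumptions. In PF the last matching rule wins unless a rule carries "quick", which is why a single "block in all" followed only by "pass out" rules is enough to drop every unsolicited inbound connection: no later "pass in" rule can override it.

```conf
# Added example, not the configuration posted above.
# Assumes OpenBSD pf and one external interface named em0 (assumed name).
ext_if = "em0"

set skip on lo            # do not filter loopback; local scans of this host bypass pf
set block-policy drop     # silently drop instead of replying with RST/ICMP unreachable

# "quick" rules stop evaluation immediately, so put them first.
block in quick from urpf-failed   # drop packets whose source fails reverse-path check

# Last matching rule wins for everything else.
block in all              # default: drop all unsolicited inbound traffic
pass out on $ext_if all   # allow all outbound; the state entry lets replies back in

# Optional: open only what you choose, e.g. SSH from one admin host (assumed address)
# pass in on $ext_if proto tcp from 192.0.2.10 to ($ext_if) port 22
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and confirm the active ruleset with `pfctl -sr`. Note that a scan run on the same machine, including one aimed at the host's own external address, is delivered over lo0, which `set skip on lo` exempts from filtering, so it will still report Transmission's listening port as open; run nmap from a different host to test what the outside actually sees.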