View Single Post
  #2   (View Single Post)  
Old 12th November 2012
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,899

Usually TCP/UDP ports are not blocked by default. Unless you run a packet filter and use a default blocking rule. In that case you will have to open an port with an packet filter rule that allows traffic with that destination port out.

If you change the port number to 53 you should be able to use DNS queries like:
 $ dig
Does that work?

My ipfw skills are very rusty. But with "pf" you will have to do something like this

ext_if = re0
block log all
pass out quick on $ext_if inet udp  from any to any port 8125 keep state
Be warned that this blocks everything including incoming ssh, so you should not use this if you are dealing with a remote client

The nice thing with pf is that you can run tcpdump on the /dev/pflog0 device and see the packets which are being blocked.
With the above sample pf.conf udp DNS queries with destination port 53 are being blocked and shown as follows:
$ sudo tcpdump -tttnei pflog0
Nov 12 22:29:29.283970 rule 0/(match) block out on re0: > 8001+[|domain]
Nov 12 22:29:34.292638 rule 0/(match) block out on re0: > 8001+[|domain]
Nov 12 22:29:39.302588 rule 0/(match) block out on re0: > 8001+[|domain]
This is a nice way to debug firewall rules.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote