From owner-freebsd-pf@freebsd.org Wed Mar 9 08:13:47 2016
Date: Wed, 09 Mar 2016 09:13:43 +0100
From: Daniel Engberg
To: freebsd-current@freebsd.org
Cc: freebsd-pf@freebsd.org
Subject: pf/OpenVPN broken on -HEAD/-CURRENT

Hi,

I updated one of my firewalls and ran into a bug on -CURRENT that I'm unable to fix myself. I've tried to include all relevant information into the bug report (sorry if this is not the correct way to submit bugs). If anyone has any ideas, questions or patches feel free to send me an email as I'm not subscribed to these lists.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207831

Sorry for crossposting in both -pf and -current as I don't know which mailing list is most suitable.

Best regards,
Daniel Engberg

From owner-freebsd-pf@freebsd.org Sat Mar 12 21:12:34 2016
Date: Sat, 12 Mar 2016 14:12:33 -0700 (MST)
From: yfeldman
To: freebsd-pf@freebsd.org
Message-ID: <1457817153116-6084130.post@n5.nabble.com>
Subject: unable to block port on MacBook Pro

I am trying to block the process that is listening upon the port 9110 on my MacBook Pro in order to simulate network interruption.

If I have the following rule:
-------------------------------------------------------------------
block drop quick on ALL proto tcp from any to any port = 9110
-------------------------------------------------------------------
my second process has successfully communicated with the blocked port, and the client has successfully sent requests to the blocked process.

The best I could achieve is blocking all process communications with this list of rules:
---------------------
block drop in all
block drop out all
---------------------
However, it is not exactly what I need.

Am I missing anything? Any comments/suggestions will be appreciated.

Here is my lsof command output:

>> lsof -i | grep 9110
java 41243 yfe 132u IPv6 0x1e7d5327e0e36555 0t0 TCP 192.168.1.68:58772->192.168.1.68:9110 (ESTABLISHED)
java 41243 yfe 145u IPv6 0x1e7d5327e0f43035 0t0 TCP 192.168.1.68:58777->192.168.1.68:9110 (ESTABLISHED)
java 41244 yfe 133u IPv6 0x1e7d5327e116eab5 0t0 TCP 192.168.1.68:58747->192.168.1.68:9110 (ESTABLISHED)
java 41244 yfe 147u IPv6 0x1e7d5327e0e3a075 0t0 TCP 192.168.1.68:58756->192.168.1.68:9110 (ESTABLISHED)
java 41253 yfe 201u IPv6 0x1e7d5327e0e38595 0t0 TCP *:9110 (LISTEN)
java 41253 yfe 278u IPv6 0x1e7d5327e0e39055 0t0 TCP 192.168.1.68:9110->192.168.1.68:58747 (ESTABLISHED)
java 41253 yfe 279u IPv6 0x1e7d5327e4a195b5 0t0 TCP 192.168.1.68:9110->192.168.1.68:58756 (ESTABLISHED)
java 41253 yfe 280u IPv6 0x1e7d5327e5560035 0t0 TCP 192.168.1.68:9110->192.168.1.68:58772 (ESTABLISHED)
java 41253 yfe 281u IPv6 0x1e7d5327e0f43af5 0t0 TCP 192.168.1.68:9110->192.168.1.68:58777 (ESTABLISHED)
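
A way to read the lsof output above before reasoning about the rule, added here as an example and not part of the original post: it labels each socket on the port as listener, client side or server side, and reports whether both endpoints carry the same address. For the lines in the post every established connection has 192.168.1.68 at both ends, so the rule is being tested against traffic that stays on the host. The function names are hypothetical; on a live system the input is assumed to come from `lsof -nP -i` so that addresses and ports stay numeric.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from the post.

# The nine lsof lines quoted in the post, verbatim.
post_lsof() {
cat <<'EOF'
java 41243 yfe 132u IPv6 0x1e7d5327e0e36555 0t0 TCP 192.168.1.68:58772->192.168.1.68:9110 (ESTABLISHED)
java 41243 yfe 145u IPv6 0x1e7d5327e0f43035 0t0 TCP 192.168.1.68:58777->192.168.1.68:9110 (ESTABLISHED)
java 41244 yfe 133u IPv6 0x1e7d5327e116eab5 0t0 TCP 192.168.1.68:58747->192.168.1.68:9110 (ESTABLISHED)
java 41244 yfe 147u IPv6 0x1e7d5327e0e3a075 0t0 TCP 192.168.1.68:58756->192.168.1.68:9110 (ESTABLISHED)
java 41253 yfe 201u IPv6 0x1e7d5327e0e38595 0t0 TCP *:9110 (LISTEN)
java 41253 yfe 278u IPv6 0x1e7d5327e0e39055 0t0 TCP 192.168.1.68:9110->192.168.1.68:58747 (ESTABLISHED)
java 41253 yfe 279u IPv6 0x1e7d5327e4a195b5 0t0 TCP 192.168.1.68:9110->192.168.1.68:58756 (ESTABLISHED)
java 41253 yfe 280u IPv6 0x1e7d5327e5560035 0t0 TCP 192.168.1.68:9110->192.168.1.68:58772 (ESTABLISHED)
java 41253 yfe 281u IPv6 0x1e7d5327e0f43af5 0t0 TCP 192.168.1.68:9110->192.168.1.68:58777 (ESTABLISHED)
EOF
}

# classify_port PORT: reads `lsof -i` output on stdin and prints, for every
# TCP socket that uses PORT, "PID ROLE SCOPE":
#   ROLE  = listener | server (local end is PORT) | client (remote end is PORT)
#   SCOPE = host-local when both endpoints have the same address, else remote
classify_port() {
    awk -v port="$1" '
    function host(ep) { sub(/:[^:]*$/, "", ep); return ep }   # strip ":port"
    function prt(ep)  { sub(/^.*:/, "", ep);    return ep }   # keep port only
    $8 != "TCP" { next }                 # field 8 is NODE, field 9 is NAME
    {
        n = split($9, e, "->")
        if (n == 1) {                    # no peer: a listening socket
            if (prt(e[1]) == port) print $2, "listener", "-"
            next
        }
        if (prt(e[1]) != port && prt(e[2]) != port) next
        role  = (prt(e[1]) == port) ? "server" : "client"
        scope = (host(e[1]) == host(e[2])) ? "host-local" : "remote"
        print $2, role, scope
    }'
}

# count_scope PORT SCOPE: number of connections on PORT with the given scope.
count_scope() {
    classify_port "$1" | awk -v s="$2" '$3 == s { c++ } END { print c + 0 }'
}

post_lsof | classify_port 9110
```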