From: yfeldman
To: freebsd-pf@freebsd.org
Date: Sat, 12 Mar 2016 14:12:33 -0700 (MST)
Subject: unable to block port on MacBook Pro
Message-ID: <1457817153116-6084130.post@n5.nabble.com>

I am trying to block the process that is listening on port 9110 on my MacBook Pro in order to simulate network interruption. If I have the following rule:

-------------------------------------------------------------------
block drop quick on ALL proto tcp from any to any port = 9110
--------------------------------------------------------------------

my second process has successfully communicated with the blocked port, and the client has successfully sent requests to the blocked process. The best I could achieve is blocking all process communications with this list of rules:

---------------------
block drop in all
block drop out all
---------------------

However, it is not exactly what I need.
Am I missing anything? Any comments/suggestions will be appreciated.

Here is my lsof command output:

>> lsof -i | grep 9110
java 41243 yfe 132u IPv6 0x1e7d5327e0e36555 0t0 TCP 192.168.1.68:58772->192.168.1.68:9110 (ESTABLISHED)
java 41243 yfe 145u IPv6 0x1e7d5327e0f43035 0t0 TCP 192.168.1.68:58777->192.168.1.68:9110 (ESTABLISHED)
java 41244 yfe 133u IPv6 0x1e7d5327e116eab5 0t0 TCP 192.168.1.68:58747->192.168.1.68:9110 (ESTABLISHED)
java 41244 yfe 147u IPv6 0x1e7d5327e0e3a075 0t0 TCP 192.168.1.68:58756->192.168.1.68:9110 (ESTABLISHED)
java 41253 yfe 201u IPv6 0x1e7d5327e0e38595 0t0 TCP *:9110 (LISTEN)
java 41253 yfe 278u IPv6 0x1e7d5327e0e39055 0t0 TCP 192.168.1.68:9110->192.168.1.68:58747 (ESTABLISHED)
java 41253 yfe 279u IPv6 0x1e7d5327e4a195b5 0t0 TCP 192.168.1.68:9110->192.168.1.68:58756 (ESTABLISHED)
java 41253 yfe 280u IPv6 0x1e7d5327e5560035 0t0 TCP 192.168.1.68:9110->192.168.1.68:58772 (ESTABLISHED)
java 41253 yfe 281u IPv6 0x1e7d5327e0f43af5 0t0 TCP 192.168.1.68:9110->192.168.1.68:58777 (ESTABLISHED)

--
View this message in context: http://freebsd.1045724.n5.nabble.com/unable-to-block-port-on-MacBook-Pro-tp6084130.html