From: Andrei Kolu
To: freebsd-pf@freebsd.org
Date: Tue, 24 Oct 2006 22:32:06 +0300
Subject: Re: pf firewall shows ports are open?

On Tuesday 24 October 2006 10:08 pm, you wrote:
> On 10/24/06, Andrei Kolu wrote:
> > I got a strange problem here, looks like I am dumb enough to understand
> > this.
> >
> > My current PF rules:
> > --cut--
>
> > nmap 192.168.2.100
>
> I haven't looked at your pf-rules properly, but you're scanning from
> inside the LAN?
> if you need your firewall to block outside access, you should scan
> from the outside

I want to block all access, not just outside. Or does it show open ports because I scanned from the same computer?

Now I understand. Scanned from another computer:
-----------------------------------------------------------------------------------
Interesting ports on 192.168.2.100:
Not shown: 1679 filtered ports
PORT STATE SERVICE
80/tcp closed http
MAC Address: 00:50:8D:xx:xx:xx (Abit Computer)

Nmap finished: 1 IP address (1 host up) scanned in 24.686 seconds
-----------------------------------------------------------------------------------

Scanned from localhost:
-----------------------------------------------------------------------------------
Interesting ports on 192.168.2.100:
Not shown: 1676 closed ports
PORT STATE SERVICE
22/tcp open ssh
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp

Nmap finished: 1 IP address (1 host up) scanned in 14.438 seconds
-----------------------------------------------------------------------------------

OK, looks like my firewall is in working condition actually, the only problem now: I can't connect to SMB shares for some reason....
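
The comparison the two scans in this message invite, as an added example that is not part of the original post: it parses both nmap reports and shows, for each port that is open on the host itself, how the other machine saw it. The function names are hypothetical, the sample input is the two reports quoted above, and the code assumes that a port missing from a report is in that report's "Not shown" state.

```python
import re

# Constructed sample input: the two nmap reports quoted in the message above.
REMOTE_SCAN = """\
Interesting ports on 192.168.2.100:
Not shown: 1679 filtered ports
PORT STATE SERVICE
80/tcp closed http
MAC Address: 00:50:8D:xx:xx:xx (Abit Computer)
"""
LOCAL_SCAN = """\
Interesting ports on 192.168.2.100:
Not shown: 1676 closed ports
PORT STATE SERVICE
22/tcp open ssh
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")
NOT_SHOWN = re.compile(r"^Not shown: \d+ (\S+) ports")

def parse_scan(text):
    """Return (default_state, {(port, proto): (state, service)}) for one report."""
    default, ports = "unknown", {}
    for line in text.splitlines():
        m = NOT_SHOWN.match(line)
        if m:
            default = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            ports[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return default, ports

def compare_vantage(local_text, remote_text):
    """Assumption: a port absent from the remote report is in its 'Not shown' state."""
    _, local = parse_scan(local_text)
    remote_default, remote = parse_scan(remote_text)
    result = {}
    for key, (state, service) in sorted(local.items()):
        if state == "open":
            result[key] = (service, remote.get(key, (remote_default, service))[0])
    return result

if __name__ == "__main__":
    for (port, proto), (service, seen) in compare_vantage(LOCAL_SCAN, REMOTE_SCAN).items():
        print(f"{port}/{proto} {service}: listening locally, {seen} from the other host")
```

On the sample data all four locally open ports, including 139 and 445, come back as filtered from the other host.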