From: "Travis H."
To: Andrei Kolu
Cc: freebsd-pf@freebsd.org
Date: Thu, 16 Nov 2006 12:28:32 -0600
Subject: Re: problems connecting samba shares
Message-ID: <20061116182832.GA14170@nexus.subspacefield.org>
In-Reply-To: <200611162011.21765.antik@bsd.ee>

On Thu, Nov 16, 2006 at 08:11:21PM +0200, Andrei Kolu wrote:
> Yes, I understand that SMB is bad, but why PF blocks port that is opened with
> rules?
>
> /etc/pf.conf:
> pass in on rl0 proto udp from any to (rl0) port 137 keep state
>
> # tcpdump -n -e -ttt -i pflog0:
> rule 0/0(match): block in on rl0: 192.168.2.100.137 >
> 192.168.2.101.53259: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST

Your rule passes IN packets TO *DESTINATION* port 137

The packet you are blocking is coming IN, FROM *SOURCE* port 137

If that isn't clear enough, I can't help you, you need to read a book
on firewalls or TCP/IP.
-- 
"Cryptography is nothing more than a mathematical framework for
discussing various paranoid delusions." -- Don Alvarez
-><-
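The source-port versus destination-port distinction in the reply above, as an added pf.conf example (not part of the original message or of anyone's actual ruleset). It assumes the blocked packet is the answer to a name query that this host (192.168.2.101) sent from port 53259; only `rl0`, the addresses and the first rule come from the thread.

```pf
# Constructed example. Check syntax without loading it:  pfctl -nf /etc/pf.conf

# Rule from the thread. "to (rl0) port 137" constrains the DESTINATION port,
# so it matches name queries sent TO this host. The logged packet
#     192.168.2.100.137 > 192.168.2.101.53259
# has source port 137 and destination port 53259, so this rule does not
# match it and the packet falls through to the block rule (rule 0).
pass in on rl0 proto udp from any to (rl0) port 137 keep state

# Option A (loose): constrain the SOURCE port instead. This passes the reply,
# but it also passes UDP to ANY port on this host from any sender that picks
# source port 137, because a source port is chosen by the sender.
# pass in on rl0 proto udp from any port 137 to (rl0)

# Option A, narrowed to the directly attached network (assumed to be the
# only place legitimate NetBIOS name servers live):
# pass in on rl0 proto udp from rl0:network port 137 to (rl0)

# Option B (stateful): pass the outbound query and keep state. The reply
# 192.168.2.100:137 -> 192.168.2.101:53259 then matches the state entry
# created by the query, and no inbound rule keyed on source port 137 is
# needed. Inspect the resulting entries with:  pfctl -ss
pass out on rl0 proto udp from (rl0) to any port 137 keep state
```

A state entry only covers replies coming from the address the query was sent to, so an answer to a query sent to the broadcast address arrives from a different address and will not match it; that case needs the narrowed form of option A.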