From owner-freebsd-pf@freebsd.org Sat Mar 12 21:32:21 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 287BDACE6D0 for ; Sat, 12 Mar 2016 21:32:21 +0000 (UTC) (envelope-from yafeldman@gmail.com) Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DAB28F56 for ; Sat, 12 Mar 2016 21:32:20 +0000 (UTC) (envelope-from yafeldman@gmail.com) Received: by mail-vk0-x22a.google.com with SMTP id e6so171123177vkh.2 for ; Sat, 12 Mar 2016 13:32:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to; bh=Idrcb55r7f1RfPnq++egmbPvngdKnihHFVO/in35noc=; b=vItHL24lHMYO/geZDdGKLQFcx7Im5IrA5pNIZfAa3j4BxwhBnZyQ3q5h0AK+Rd/P/N bTwJ5AB/bFSY5FcSj22aOql6UHKpBPPRPlhA6Q5y9MJRV13YFvcKj+9KSP6F0d/yzS22 UALpDZjili39SKgnvoMwlfHh06yEftVVVD/0nkfOdyFILKHiubHbQuwmMMbcGPTdu1Hs 96V+G0MUtMfRws5FS9kZetynLji1b/GHn+Og7CjrsmmGOXPIetIBweWvYluT2GNsurem B+/koeM8HtwiqOf/j29cj6TPK8aARIeeseH8wOmzmTcsCWfBcOX4tKVpZQ+0zEOnjJvv jpJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Idrcb55r7f1RfPnq++egmbPvngdKnihHFVO/in35noc=; b=Hl6RvI/43I0i7kI9Io8e0nNZ/IwRfGvQTIHscaOWpQeUTG39R4hg69B8Pzm2egdPK3 W0AGG912uFQrZ05HpYnf7cANgxfxyLin9oLj1aShWpldWhNmAT25RFtGlVctVNgPqbXI 35whZXLpDgsadgHngREF7VT6IOWITq86nyIUP2NkEwmRM23EF65izhbcqsy6j+fDsYM0 fnjkUKB7nt4gkYPFUgIwlmKXBAR6vyX5+p05fuFnaRwz3rf4gmmVUacUA3qKgpDJ7GJw oqfKkNKzhOjK+gWvWyOCEGRgWZ1JXlNqgAQLC8M7K3DII5FB/fOSzhX9gknAB/myyquA hs/g== X-Gm-Message-State: AD7BkJLFZZDdSyMw2mXjcr8g15sRFgFihpWtWwNyvryITft61AijMnTKBDdQ7fH6QUnZiyW9bLfJoOngqHgQXQ== X-Received: by 10.31.108.148 with SMTP id j20mr17481359vki.156.1457818339467; Sat, 12 Mar 2016 13:32:19 -0800 (PST) MIME-Version: 1.0 Received: by 10.176.0.54 with HTTP; Sat, 12 Mar 2016 13:31:40 -0800 (PST) From: Yakov Feldman Date: Sat, 12 Mar 2016 13:31:40 -0800 Message-ID: Subject: unable to block port on MacBook Pro To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Mar 2016 21:32:21 -0000 I am trying to block the process that is listening upon the port 9110 on my MacBook Pro in order to simulate network interruption. If I have the following rule: ------------------------------------------------------------------- block drop quick on ALL proto tcp from any to any port = 9110 -------------------------------------------------------------------- my second process has successfully communicated with the blocked port, and the client has successfully sent requests to the blocked process. The best I could achieve is blocking all process communications with these list of rules: --------------------- block drop in all block drop out all --------------------- However, it is not exactly what I need. Am I missing anything? Any commnets/suggestion will be appreciated. Here is my lsof command output: >> lsof -i | grep 9110 java 41243 yfe 132u IPv6 0x1e7d5327e0e36555 0t0 TCP 192.168.1.68:58772->192.168.1.68:9110 (ESTABLISHED) java 41243 yfe 145u IPv6 0x1e7d5327e0f43035 0t0 TCP 192.168.1.68:58777->192.168.1.68:9110 (ESTABLISHED) java 41244 yfe 133u IPv6 0x1e7d5327e116eab5 0t0 TCP 192.168.1.68:58747->192.168.1.68:9110 (ESTABLISHED) java 41244 yfe 147u IPv6 0x1e7d5327e0e3a075 0t0 TCP 192.168.1.68:58756->192.168.1.68:9110 (ESTABLISHED) java 41253 yfe 201u IPv6 0x1e7d5327e0e38595 0t0 TCP *:9110 (LISTEN) java 41253 yfe 278u IPv6 0x1e7d5327e0e39055 0t0 TCP 192.168.1.68:9110->192.168.1.68:58747 (ESTABLISHED) java 41253 yfe 279u IPv6 0x1e7d5327e4a195b5 0t0 TCP 192.168.1.68:9110->192.168.1.68:58756 (ESTABLISHED) java 41253 yfe 280u IPv6 0x1e7d5327e5560035 0t0 TCP 192.168.1.68:9110->192.168.1.68:58772 (ESTABLISHED) java 41253 yfe 281u IPv6 0x1e7d5327e0f43af5 0t0 TCP 192.168.1.68:9110->192.168.1.68:58777 (ESTABLISHED)