On 8/26/06, NetNeanderthal <[EMAIL PROTECTED]> wrote:
On 8/26/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> For some reason, I'm not "getting it" when it comes to pf... Two
> things I can't figure out: (1) filtered vs blocked for some TCP
> ports and (2) rules for tun0, my vpn interface.
>
> First, my /etc/pf.conf:
>
> int_if = "vr1"
> ext_if = "vr0"
> vpn_if = "tun0"
> tcp_services = "{ 22 }"
> udp_services = "{ 1194 }"
> priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
> set block-policy return

set block-policy drop

This will cause the default behaviour of your block statements to
'drop' the packet silently (aside from internal logging) rather than
'return' which quite literally returns an ICMP unreachable, which Nmap
interprets as a 'filtered' port.

So why are only 8 out of 1663 ports showing as filtered?
Is there an ISP or two involved between the scanner and the target?

Greg
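
An added example, not part of this thread or of pf itself, to make the block-policy discussion concrete: it models what pf sends back for a probe under `set block-policy return` versus `set block-policy drop` and the state an Nmap SYN (-sS) or UDP (-sU) scan reports as a result. The behaviour follows pf.conf(5) (with `return`, a blocked TCP packet gets a TCP RST, a blocked UDP packet gets an ICMP port-unreachable, everything else is dropped) and the Nmap manual's state rules (RST means closed, silence means filtered, ICMP port-unreachable means closed for UDP). The service sets copy the OP's `tcp_services` and `udp_services` macros; the assumption that a daemon answers on every passed TCP port, and that the OpenVPN daemon on 1194/udp stays silent to an empty probe, is ours. Note what it shows: `drop` is the setting that makes blocked ports read as filtered, while `return` makes blocked TCP ports read as closed.

```python
# Added example (not from the thread or from pf): model pf's block-policy
# reply and the Nmap state it produces.  pf.conf(5): "return" => TCP RST
# for TCP, ICMP unreachable (port-unr by default) for UDP, drop otherwise.
from collections import Counter

TCP_SERVICES = {22}     # the OP's tcp_services macro
UDP_SERVICES = {1194}   # the OP's udp_services macro (OpenVPN)


def pf_response(proto, port, policy):
    """Reply the scanner sees for one probe to (proto, port).

    policy is 'return' or 'drop' (pf's set block-policy).  Returns
    'SYN/ACK', 'RST', 'ICMP-port-unreach', or None for silence.
    """
    if policy not in ('return', 'drop'):
        raise ValueError('block-policy must be return or drop')
    allowed = TCP_SERVICES if proto == 'tcp' else UDP_SERVICES
    if port in allowed:
        # Passed by pf.  Assumption: a TCP daemon accepts the SYN; the UDP
        # daemon (OpenVPN) does not answer an empty probe, so: silence.
        return 'SYN/ACK' if proto == 'tcp' else None
    if policy == 'drop':
        return None                     # silently dropped
    # block-policy return
    return 'RST' if proto == 'tcp' else 'ICMP-port-unreach'


def nmap_state(proto, response):
    """State Nmap assigns to a reply: -sS rules for tcp, -sU rules for udp."""
    if proto == 'tcp':
        return {'SYN/ACK': 'open', 'RST': 'closed'}.get(response, 'filtered')
    if response is None:
        return 'open|filtered'          # no reply at all
    if response == 'ICMP-port-unreach':
        return 'closed'                 # type 3 code 3
    if response.startswith('ICMP'):
        return 'filtered'               # other unreachable codes
    return 'open'                       # a UDP payload came back


def scan(proto, ports, policy):
    """Map each port to the Nmap state seen under the given block-policy."""
    return {p: nmap_state(proto, pf_response(proto, p, policy)) for p in ports}


def summarize(proto, ports, policy):
    """Count of Nmap states over a port range, as a scan summary line would."""
    return Counter(scan(proto, ports, policy).values())


if __name__ == '__main__':
    ports = range(1, 1025)
    for policy in ('return', 'drop'):
        print(f'block-policy {policy}:'
              f' tcp {dict(summarize("tcp", ports, policy))}'
              f' udp {dict(summarize("udp", ports, policy))}')
```

Run it and the two summary lines show the contrast directly: with `return`, 1023 of the first 1024 TCP ports come back closed and only 22 is open; with `drop`, the same 1023 ports come back filtered. A scan that reports only a handful of filtered ports under `return` is therefore consistent with the policy; the question of who answered the remaining probes is a separate one.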