Tudo, eu sou novo no PF, por favor, perdoe minha ignorância antecipadamente. Estou tentando bloquear uma transmissão SSDP / UDP do meu servidor Plex em um Mac Mini para a LAN. O Mac Mini está no endereço IP interno 192.168.2.11.
Problema para referência com fotos bonitas do WireShark nos Plex Forums aqui
O PF está em execução e minhas regras específicas são carregadas em um arquivo âncora, conforme listado abaixo, com regras de bloco na parte inferior.
Mac-mini-6:~ User$ sudo pfctl -vnf /etc/pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
scrub-anchor "/*" all fragment reassemble
nat-anchor "/*" all
rdr-anchor "/*" all
anchor "/*" all
anchor "/*" all
dummynet-anchor "/*" all
Loading anchor com.apple from /etc/pf.anchors/com.apple
anchor "/*" all
anchor "/*" all
Loading anchor plex-ssdp.block from /etc/pf.anchors/plex-ssdp.block
block drop out quick on en0 proto udp from any to any port = 1900
block drop out quick on en1 proto udp from any to any port = 1900
Mac-mini-6:~ User$ sudo pfctl -vnf /etc/pf.anchors/plex-ssdp.block
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
block drop out quick on en0 proto udp from any to any port = 1900
block drop out quick on en1 proto udp from any to any port = 1900
Estou tentando bloquear esta transmissão (abaixo) da 192.168.2.11, que é o próprio Mac Mini executando o Plex, mas minhas regras não parecem funcionar.
$sudo tcpdump -n -s0 port 1900 and udp
IP 192.168.2.11.53952 > 239.255.255.250.1900: UDP, length 101
O firewall pf está em execução e as regras estão funcionando sem erros:
Mac-mini-6:~ User$ sudo pfctl -vvv -s all
No ALTQ support in kernel
ALTQ related functions disabled
TRANSLATION RULES:
@0 nat-anchor "com.apple/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 46275 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
@0 rdr-anchor "com.apple/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 105227 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
FILTER RULES:
@0 scrub-anchor "com.apple/*" all fragment reassemble
[ Owner : nil Priority : 0 ]
[ Evaluations: 180874 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
@0 anchor "com.apple/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 105266 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
@1 anchor "plex-ssdp.block/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 105266 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
DUMMYNET RULES:
@0 dummynet-anchor "com.apple/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
INFO:
Status: Enabled for 0 days 03:42:26 Debug: Urgent
Neste ponto, não tenho certeza do que perdi. A execução do tcpdump mostra a transmissão e as respostas (veja abaixo) Agradecemos antecipadamente!
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
12:07:51.775753 IP 192.168.2.11.53952 > 239.255.255.250.1900: UDP, length 101
12:07:51.782263 IP 192.168.2.12.1900 > 192.168.2.11.53952: UDP, length 289
12:07:51.783203 IP 192.168.2.15.1900 > 192.168.2.11.53952: UDP, length 289
12:07:51.783207 IP 192.168.2.3.1900 > 192.168.2.11.53952: UDP, length 247
12:07:51.783208 IP 192.168.2.6.1900 > 192.168.2.11.53952: UDP, length 447
12:07:51.783209 IP 192.168.2.3.1900 > 192.168.2.11.53952: UDP, length 251
12:07:51.783210 IP 192.168.2.6.1900 > 192.168.2.11.53952: UDP, length 449
12:07:51.783211 IP 192.168.2.15.1900 > 192.168.2.11.53952: UDP, length 275
12:07:51.783211 IP 192.168.2.12.1900 > 192.168.2.11.53952: UDP, length 275
12:07:51.783212 IP 192.168.2.16.1900 > 192.168.2.11.53952: UDP, length 272
12:07:51.783213 IP 192.168.2.12.1900 > 192.168.2.11.53952: UDP, length 287
12:07:51.784444 IP 192.168.2.15.1900 > 192.168.2.11.53952: UDP, length 287
As âncoras estão tendo regras carregadas, mas não são avaliadas como parece, porque não há referência direta do conjunto de regras principal.
poige 17/09