Can't block port

Discussion in 'Mac Basics and Help' started by Jethryn Freyman, Apr 9, 2009.

  1. Jethryn Freyman macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #1
    I have a port I would like to block, but I'm having a little difficulty.

    Example: I don't use Kerberos, but port 88 is still open. I've tried using ipfw to block the port, but it is still open.

    Code:
    deny tcp from any to any dst-port 88
    What is keeping this port open?
     
  2. BlueRevolution macrumors 603

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #2
    Mac OS X's firewall isn't getting the job done?
     
  3. Jethryn Freyman thread starter macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #3
    No, it works by blocking applications, not specific ports. IPFW should be blocking the port, but I don't know why it isn't. There aren't any conflicting allow rules.
     
  4. loveturtle macrumors member

    Joined:
    Apr 7, 2006
    Location:
    Florida
    #4
    Are you sure it's not working and what you have open is the udp port?

    How about "deny all from any to me 88"
    Also, use "ipfw -a list" to take a look at packet counters for the rule. You can see if the rule is being hit or not.

    Or, make a deny rule for udp and then for tcp do "reset tcp from any to me 88".
    That will actually return a tcp rst, so someone poking at your port will get "connection refused", which makes it look like it's really closed. If they just don't get a response, it's obviously firewalled.
     
  5. Jethryn Freyman thread starter macrumors 68020

    Joined:
    Aug 9, 2007
    Location:
    Australia
    #5
    Found my problem.

    The port was closed to all outside sources, but ipfw was allowing all traffic on the loopback interface. I had to add the new rule above the rule allowing traffic through the loopback interface.

    Dumb mistake by me.

    Thanks anyway :)
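
Added example, not part of the original thread: a simplified first-match model of the rule ordering described in post #5, showing why a deny rule numbered after a loopback allow rule never sees loopback traffic. The rule numbers, the `en0` interface name and the final rule 65535 are constructed, and only the rule forms quoted in this thread are parsed.

```python
import re

# Constructed rulesets in `ipfw list` style (rule numbers are assumptions).
BEFORE = """\
02000 allow ip from any to any via lo0
02100 deny tcp from any to any dst-port 88
65535 allow ip from any to any
"""
AFTER = """\
01900 deny tcp from any to any dst-port 88
02000 allow ip from any to any via lo0
65535 allow ip from any to any
"""

RULE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny|reset)\s+(?P<proto>\w+)\s+from any to (?:any|me)"
    r"(?:\s+(?:dst-port\s+)?(?P<port>\d+))?(?:\s+via\s+(?P<iface>\S+))?$"
)

def parse(listing):
    """Parse the small subset of ipfw rule syntax used in this thread."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append(m.groupdict())
    # ipfw evaluates rules in ascending rule-number order.
    return sorted(rules, key=lambda r: int(r["num"]))

def first_match(rules, proto, port, iface):
    """Return (rule number, action) of the first rule matching the packet."""
    for r in rules:
        if r["proto"] not in ("ip", "all", proto):
            continue
        if r["port"] is not None and int(r["port"]) != port:
            continue
        if r["iface"] is not None and r["iface"] != iface:
            continue
        return r["num"], r["action"]  # first match wins; later rules are never consulted
    return None, None

def verdicts(listing):
    """Verdict for TCP/88 arriving via loopback and via an external interface."""
    rules = parse(listing)
    return {"loopback": first_match(rules, "tcp", 88, "lo0"),
            "external": first_match(rules, "tcp", 88, "en0")}

if __name__ == "__main__":
    for name, listing in (("before", BEFORE), ("after", AFTER)):
        print(name, verdicts(listing))
```

On a real system, the packet counters from "ipfw -a list" mentioned in post #4 show the same thing: the deny rule's counter stays at zero for loopback connections until it is numbered below the loopback allow rule.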
     
