testing pf block all rules with Nmap.

[bsdnewbie999]

i having the following block all policy.

Code:

# Macros
int_if="vic0"

#Table
table <goodguys> const { 192.168.4.55, 192.168.4.56, 192.168.4.57, 192.168.4.58, 192.168.4.59, 192.168.4.60 } 
table <private> const { 192.168.0.0/16, 172.16.0.0/16, 10.0.0.0/8 }

#don't filter on loopback interface 
set timeout interval 10
set timeout frag 30
set limit { frags 5000, states 2500 }
set optimization normal
set block-policy drop
set loginterface $int_if
set skip on lo0

#scrub
scrub in all

#Default deny
block all 


#Passing Traffic

By default it should block all incoming and outgoing traffic but i tested with Nmap from my laptop and it shows that port 21 ftp is open. I was confused because of the open 21 port.

Code:

C:Program Files\Nmap>nmap -sT 192.168.59.78

Starting Nmap 4.76 ( http://nmap.org ) at 2009-03-25 14:52 Pacific Standard Time

Interesting ports on 192.168.59.78:
Not shown: 999 filtered ports
PORT   STATE SERVICE
21/tcp open  ftp
MAC Address: 00:13:02:BF:92:F8 (Intel Corporate)

Nmap done: 1 IP address (1 host up) scanned in 45.44 seconds

C:\Program Files\Nmap>

Because I was expecting all port are filtered.
I'm running openbsd using vmware from my windows XP.

[jggimi]

If that is your entire pf.conf -- no pass rules whatsoever -- then I would tend to think the port 21 connection that you see from is some sort of artifact from vmware, or from vmware-under-Windows.

The default install does not have ftpd(8) enabled, and does not listen on TCP port 21. To enable ftpd, you must either start it from inetd(8) or from ftpd_flags="-D" in rc.conf.local(5).

You could try telnetting from your windows system and see what responds at that port.