I am trying to block uploading in qBittorrent with pf, but it fails.
pf.conf :
tcpdump output :
pf.conf :
#***********************************************************************************************#
# #
# Macros #
# #
#***********************************************************************************************#
# Network interface. Both macros point at the same card; only $net_card is
# referenced by the rules below, $ext_if is never used.
ext_if="sis0"
net_card="sis0"
# TCP services allowed out (as destination port) and, via the "pass in" rule in
# the Rules section, trusted as *source* ports coming in. Numbers and
# /etc/services names are mixed; 21 and "ftp" (used further down) are the same port.
tcp_ports="{22, 80 ,https ,domain ,auth ,21 ,3306}"
# UDP services allowed out (as destination port).
udp_ports="{domain ,23399}"
# ICMP types allowed out: echo request only.
icmp_types="echoreq"
# Address ranges treated as local. 127.0.0.1 is listed although lo0 is skipped
# below, so it only matters for packets that appear on $net_card.
local_ip="{192.168.0.0/16, 127.0.0.1}"
#***********************************************************************************************#
# #
# Tables #
# #
#***********************************************************************************************#
# Disabled; nothing below references <banned>.
#table <banned> persist file "/etc/pf/banned"
#***********************************************************************************************#
# #
# Options #
# #
#***********************************************************************************************#
#set ruleset-optimization basic
#set optimization normal
# Blocked packets are silently dropped (no RST / ICMP unreachable). This also
# makes the explicit "drop" keyword on the block rules below redundant.
set block-policy drop
# Loopback is not filtered at all.
set skip on lo0
# Normalisation is disabled: without scrub, fragments are not reassembled before
# the filter rules are evaluated.
#scrub in on $net_card all fragment reassemble
#scrub on $net_card all reassemble tcp
#***********************************************************************************************#
# #
# Rules #
# #
#***********************************************************************************************#
# Default deny in both directions. These rules are not "quick", so a later
# matching pass rule wins (pf uses last-match semantics). "log(all)" logs every
# matching packet, not just the one that creates a state. In pflog output these
# are rule 0 and rule 1 (filter rules are numbered from 0; macros, options and
# tables do not count).
block drop in log(all) on $net_card all
block drop out log(all) on $net_card all
# Drop inbound TCP with flag combinations that never occur in a legitimate
# handshake ("X/Y" = of the flags in mask Y, exactly the flags in X are set;
# "/WEUAPRSF" = no flags set). "quick" ends evaluation, so these cannot be
# overridden by the pass rules below.
block in log quick proto tcp flags FUP/WEUAPRSF
block in log quick proto tcp flags WEUAPRSF/WEUAPRSF
block in log quick proto tcp flags SRAFU/WEUAPRSF
block in log quick proto tcp flags /WEUAPRSF
block in log quick proto tcp flags SR/SR
block in log quick proto tcp flags SF/SF
# The only rule aimed at BitTorrent (pflog rule 8): outbound UDP whose
# *destination* port is 6881. It does not match UDP sent to other peer ports
# (those fall through to the catch-all "block out" above, since only $udp_ports
# are passed out), and it does not touch TCP at all. Outbound TCP to any port
# above 1023 is passed further down, which is presumably where upload traffic
# over TCP actually goes.
block out log quick proto udp from any to any port 6881
# passing traffic to sis from trusted ports
#pass in on $net_card from $local_ip to any keep state
# NOTE(review): this rule matches on the remote *source* port, which the remote
# host chooses freely, and it places no restriction on the local destination
# port. Any remote host sending from 22/80/443/53/113/21/3306 therefore reaches
# any local port and gets a state entry. If the purpose is to let replies to
# the stateless "pass out" rules back in, "keep state" on those rules (the
# default in newer pf) is the usual approach instead.
pass in on $net_card proto tcp from any port $tcp_ports to any keep state
# LAN-to-LAN TCP/UDP inbound, stateful.
pass in on $net_card proto {tcp, udp} from $local_ip to $local_ip keep state
pass in on $net_card proto igmp all allow-opts
# Outbound to trusted destination ports. No "keep state" here: on pf versions
# where state is not implicit, the replies must be matched by a "pass in" rule
# (the source-port rule above is what does that for these ports).
pass out on $net_card proto tcp from any to any port $tcp_ports
pass out on $net_card proto udp from any to any port $udp_ports
pass out on $net_card proto igmp all allow-opts
# Outbound echo requests; the replies are admitted by the state entry.
pass out on $net_card inet proto icmp all icmp-type $icmp_types keep state
# FTP control channel. Port 21 is already in $tcp_ports, so the first rule
# duplicates the "pass out ... port $tcp_ports" rule above. The "> 1023" rule
# presumably exists for passive-mode data connections, but it equally passes
# every other outbound TCP connection to a high port.
pass out on $net_card inet proto tcp from any to any port ftp
pass out on $net_card inet proto tcp from any to any port > 1023
[root@localhost /]# tcpdump -n -e -ttt -i pflog0 -vv port 6881
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
00:00:00.000000 rule 8/0(match): block out on sis0: (tos 0x0, ttl 64, id 13266, offset 0, flags [none], proto UDP (17), length 132)
192.168.1.2.6881 > x.x.x.x.6881: UDP, length 104
00:00:01.398401 rule 1/0(match): block out on sis0: (tos 0x0, ttl 64, id 13307, offset 0, flags [none], proto UDP (17), length 93)
192.168.1.2.6881 > x.x.x.x.12956: UDP, length 65
00:00:00.016009 rule 1/0(match): block out on sis0: (tos 0x0, ttl 64, id 13308, offset 0, flags [none], proto UDP (17), length 93)
192.168.1.2.6881 > x.x.x.x.25585: UDP, length 65
00:00:01.012143 rule 1/0(match): block out on sis0: (tos 0x0, ttl 64, id 13334, offset 0, flags [none], proto UDP (17), length 93)
192.168.1.2.6881 > x.x.x.x.42694: UDP, length 65
00:00:06.382915 rule 1/0(match): block out on sis0: (tos 0x0, ttl 64, id 13589, offset 0, flags [none], proto UDP (17), length 93)
192.168.1.2.6881 > x.x.x.x.16696: UDP, length 65
00:05:14.094309 rule 8/0(match): block out on sis0: (tos 0x0, ttl 64, id 18586, offset 0, flags [none], proto UDP (17), length 129)
192.168.1.2.6881 > x.x.x.x.6881: UDP, length 101