Everyone, I am new to pf, so please forgive my ignorance in advance. I am trying to block the SSDP / UDP broadcasts from the Plex server on my Mac Mini to the LAN. The Mac Mini is at the internal IP address 192.168.2.11.
Related issue, with pretty Wireshark screenshots, on the Plex Forums
PF is running, and the specific rules are loaded into the anchor file listed below; the block rules are at the very bottom.
Mac-mini-6:~ User$ sudo pfctl -vnf /etc/pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
scrub-anchor "/*" all fragment reassemble
nat-anchor "/*" all
rdr-anchor "/*" all
anchor "/*" all
anchor "/*" all
dummynet-anchor "/*" all
Loading anchor com.apple from /etc/pf.anchors/com.apple
anchor "/*" all
anchor "/*" all
Loading anchor plex-ssdp.block from /etc/pf.anchors/plex-ssdp.block
block drop out quick on en0 proto udp from any to any port = 1900
block drop out quick on en1 proto udp from any to any port = 1900
Mac-mini-6:~ User$ sudo pfctl -vnf /etc/pf.anchors/plex-ssdp.block
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
block drop out quick on en0 proto udp from any to any port = 1900
block drop out quick on en1 proto udp from any to any port = 1900
I am trying to block this broadcast (below) from 192.168.2.11, the Mac Mini itself that runs Plex, but the rules do not seem to work.
$ sudo tcpdump -n -s0 port 1900 and udp
IP 192.168.2.11.53952 > 239.255.255.250.1900: UDP, length 101
The pf firewall is of course running, and the rules work without errors.
Mac-mini-6:~ User$ sudo pfctl -vvv -s all
No ALTQ support in kernel
ALTQ related functions disabled
TRANSLATION RULES:
@0 nat-anchor "com.apple/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 46275 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
@0 rdr-anchor "com.apple/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 105227 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
FILTER RULES:
@0 scrub-anchor "com.apple/*" all fragment reassemble
[ Owner : nil Priority : 0 ]
[ Evaluations: 180874 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
@0 anchor "com.apple/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 105266 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
@1 anchor "plex-ssdp.block/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 105266 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
DUMMYNET RULES:
@0 dummynet-anchor "com.apple/*" all
[ Owner : nil Priority : 0 ]
[ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 511 ]
INFO:
Status: Enabled for 0 days 03:42:26 Debug: Urgent
I'm not sure what I have missed at this point. When I run tcpdump, I see the broadcast and the responses (see below). Thanks!
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
12:07:51.775753 IP 192.168.2.11.53952 > 239.255.255.250.1900: UDP, length 101
12:07:51.782263 IP 192.168.2.12.1900 > 192.168.2.11.53952: UDP, length 289
12:07:51.783203 IP 192.168.2.15.1900 > 192.168.2.11.53952: UDP, length 289
12:07:51.783207 IP 192.168.2.3.1900 > 192.168.2.11.53952: UDP, length 247
12:07:51.783208 IP 192.168.2.6.1900 > 192.168.2.11.53952: UDP, length 447
12:07:51.783209 IP 192.168.2.3.1900 > 192.168.2.11.53952: UDP, length 251
12:07:51.783210 IP 192.168.2.6.1900 > 192.168.2.11.53952: UDP, length 449
12:07:51.783211 IP 192.168.2.15.1900 > 192.168.2.11.53952: UDP, length 275
12:07:51.783211 IP 192.168.2.12.1900 > 192.168.2.11.53952: UDP, length 275
12:07:51.783212 IP 192.168.2.16.1900 > 192.168.2.11.53952: UDP, length 272
12:07:51.783213 IP 192.168.2.12.1900 > 192.168.2.11.53952: UDP, length 287
12:07:51.784444 IP 192.168.2.15.1900 > 192.168.2.11.53952: UDP, length 287
The anchor has the rules loaded, but since there is no direct reference to it from the main ruleset, they are not being evaluated, as you can see.
—
poige
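To make the point of the answer above checkable, here is a small shell lint, added as an example and not code from the thread or from pf itself. It scans a pf.conf for every anchor pulled in with `load anchor "NAME" from ...` and reports the ones the main ruleset never evaluates with a plain `anchor "NAME"` rule. It treats the wildcard form `anchor "NAME/*"` as not a direct reference, since pf.conf(5) describes that form as evaluating the anchors attached below NAME rather than NAME's own rules. The two pf.conf files it writes are constructed for the demonstration (the anchor name is taken from the question; the paths and the rule lines are assumptions), so it runs without touching the real /etc/pf.conf.

```shell
#!/bin/sh
# Added example, not part of the original post. Lints a pf.conf for anchors
# that are loaded but never evaluated directly by the main ruleset.
# All file contents below are constructed sample data.

# Succeed (exit 0) when $2 (a pf.conf path) contains a rule that evaluates
# anchor $1 itself, i.e. a line starting with:  anchor "NAME"
# The wildcard form  anchor "NAME/*"  does not count as a direct reference.
anchor_referenced() {
    name=$1; conf=$2
    grep -Eq "^[[:space:]]*anchor[[:space:]]+\"$name\"([[:space:]]|\$)" "$conf"
}

# Print, one per line, every anchor that $1 loads with
#   load anchor "NAME" from "..."
# but never references with a plain  anchor "NAME"  rule.
unreferenced_loaded_anchors() {
    conf=$1
    sed -nE 's/^[[:space:]]*load[[:space:]]+anchor[[:space:]]+"([^"]+)".*/\1/p' "$conf" |
    while IFS= read -r name; do
        anchor_referenced "$name" "$conf" || printf '%s\n' "$name"
    done
}

# Constructed sample configurations (assumed paths, written to a temp dir).
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
BROKEN_CONF=$WORKDIR/pf.conf.broken
FIXED_CONF=$WORKDIR/pf.conf.fixed

# Broken: the anchor file is loaded, but only its (non-existent) child
# anchors are evaluated, so the block rules inside it never run.
cat >"$BROKEN_CONF" <<'EOF'
# constructed sample: wildcard reference only
anchor "plex-ssdp.block/*"
load anchor "plex-ssdp.block" from "/etc/pf.anchors/plex-ssdp.block"
EOF

# Fixed: the main ruleset evaluates the anchor itself.
cat >"$FIXED_CONF" <<'EOF'
# constructed sample: direct reference
anchor "plex-ssdp.block"
load anchor "plex-ssdp.block" from "/etc/pf.anchors/plex-ssdp.block"
EOF

echo "Loaded but never evaluated directly (broken config):"
unreferenced_loaded_anchors "$BROKEN_CONF"
echo "Loaded but never evaluated directly (fixed config):"
unreferenced_loaded_anchors "$FIXED_CONF"
```

Run it against a real file with `unreferenced_loaded_anchors /etc/pf.conf`; anything it prints is a rule set that `pfctl -s rules` will show with a climbing Evaluations counter on the anchor line but Packets stuck at 0, which is exactly the symptom in the question.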