Netgate Discussion Forum

    PFSense : port 0 closed? AFAIK it's not a real port.

    • LuciferSam

      Hello everybody,
      here is my network:
      WiMax Antenna (192.168.3.1) --> Alix with WAN interface at 192.168.3.254 --> LAN

      Now: I've tried the "shields up" site against my firewall (with latest PfSense) and:

      • With a Debian with iptables everything is stealth (port 0, too)
      • With PfSense, port 0 is not stealth but closed.

      Should I worry about this port, or should I ignore this port?

      Thank you

      • johnpoz LAYER 8 Global Moderator

        Not sure what you would be doing on pfSense to have it show 0 closed? Mine doesn't; all it shows is port 443, which is the only port I have forwarded in the range scanned.

        GRC Port Authority Report created on UTC: 2015-10-31 at 11:10:51

        Results from scan of ports: 0-1055

        1 Ports Open
          0 Ports Closed
        1055 Ports Stealth
        --------------------
        1056 Ports Tested

        NO PORTS were found to be CLOSED.

        The port found to be OPEN was: 443

        Other than what is listed above, all ports are STEALTH.

        TruStealth: FAILED - NOT all tested ports were STEALTH,
                          - NO unsolicited packets were received,
                          - A PING REPLY (ICMP Echo) WAS RECEIVED.

        So what does your report say? It says 0 is open??? Or are you reading this as port 0 is closed?? 0 Ports Closed

        Can you post your wan rules..


        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • doktornotor Banned

          Oh noes, the Gibson's shit once again. Look, there's zero difference between closed and "stealth", security-wise. Also, having a PTR record is not dangerous, contrary to that guy's belief, and responding to ping does not harm anyone either. Finally:

          /etc/inc/filter.inc

          
          # We use the mighty pf, we cannot be fooled.
          block {$log['block']} quick inet proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0"
          block {$log['block']} quick inet proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0"
          block {$log['block']} quick inet6 proto { tcp, udp } from any port = 0 to any tracker {$increment_tracker($tracker)} label "Block traffic from port 0"
          block {$log['block']} quick inet6 proto { tcp, udp } from any to any port = 0 tracker {$increment_tracker($tracker)} label "Block traffic to port 0"
          
          

          P.S. Is he still selling the Spinrite snake oil that claims to cure faulty HDDs by superlowlevel format?  ::)

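A defender-side check related to the pf rules quoted above, as an added example that is not part of the thread or of pfSense's own code: when block logging is enabled, traffic dropped for using port 0 can be picked out of the firewall log. The field offsets assume pfSense's raw filterlog CSV layout, and the log lines, interface name and tracker values are constructed samples.

```python
import csv

# Assumed pfSense raw filterlog CSV layout (not taken from this thread).
# Fields 0-8: rule, sub-rule, anchor, tracker, interface, reason,
# action, direction, IP version. Later offsets depend on the IP version.
LAYOUT = {
    "4": {"proto": 16, "src": 18, "dst": 19, "sport": 20, "dport": 21},
    "6": {"proto": 12, "src": 15, "dst": 16, "sport": 17, "dport": 18},
}

# Constructed sample entries (documentation addresses, made-up trackers).
SAMPLE_LOG = [
    # TCP SYN from source port 0 to 443
    "4,,,1000000114,vr1,match,block,in,4,0x0,,52,0,0,DF,6,tcp,40,"
    "203.0.113.7,192.168.3.254,0,443,0,S,1000,,1024,,",
    # IPv6 UDP datagram to destination port 0
    "4,,,1000000117,vr1,match,block,in,6,0x00,0x00000,64,udp,17,28,"
    "2001:db8::7,2001:db8::1,5353,0,20",
    # Ordinary blocked TCP probe to port 23 (not a port 0 packet)
    "9,,,1000000103,vr1,match,block,in,4,0x0,,52,0,0,DF,6,tcp,40,"
    "198.51.100.9,192.168.3.254,40000,23,0,S,2000,,1024,,",
    # ICMP echo request: a 0 in the same column is an ICMP field, not a port
    "9,,,1000000103,vr1,match,block,in,4,0x0,,52,0,0,none,1,icmp,84,"
    "198.51.100.9,192.168.3.254,request,0,0",
]

def port_zero_hits(lines):
    """Return blocked TCP/UDP entries whose source or destination port is 0."""
    hits = []
    for fields in csv.reader(lines):
        if len(fields) < 9 or fields[6] != "block":
            continue
        idx = LAYOUT.get(fields[8])
        if idx is None or len(fields) <= idx["dport"]:
            continue  # unknown IP version or truncated entry
        proto = fields[idx["proto"]].lower()
        if proto not in ("tcp", "udp"):
            continue  # ICMP and other portless protocols never match the rules
        sport, dport = fields[idx["sport"]], fields[idx["dport"]]
        if sport.isdigit() and dport.isdigit() and 0 in (int(sport), int(dport)):
            hits.append({"proto": proto, "src": fields[idx["src"]],
                         "dst": fields[idx["dst"]],
                         "sport": int(sport), "dport": int(dport)})
    return hits

if __name__ == "__main__":
    for hit in port_zero_hits(SAMPLE_LOG):
        print(hit)
```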
          • johnpoz LAYER 8 Global Moderator

            With you 110% on the gibson snakeoil shit dok..

            Just trying to understand what the OP is seeing.. since it shouldn't be showing 0 closed even if the test is a bunch of hype about "stealth" ;)

            I think the OP is seeing where it says 0 ports closed as being port 0 ;)


            • JonathanLee @johnpoz

              @johnpoz is port 0 just snake oil sales? Or is that usable in Linux? Or any OS?

              Make sure to upvote

              • Gertjan @JonathanLee

                @JonathanLee

                The concept of "port 0" was probably introduced to make people aware of the fact that a protocol like ICMP doesn't use "ports".
                Dunno why "0" was chosen.
                N/A is probably also a good choice.
                Or a "syntax error".

                Remember: Gibson had to make pure rocket science (back then) clear to the public.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.