On 08:25 Mon 17 Dec, Claudio Jeker wrote:
> On Sun, Dec 16, 2018 at 05:09:06PM -0500, Ted Unangst wrote:
> > Claudio Jeker wrote:
> > > On Fri, Dec 14, 2018 at 01:26:25PM -0500, Ted Unangst wrote:
> > > > Philip Guenther wrote:
> > > > > And, perhaps more directly, how would I block this in pf.conf?
> > > > > >
> > > > >
> > > > > Excellent choice, blocking dhclient from receiving the leases that it
> > > > > requests.
> > > > > "What problem are you trying to solve?"
> > > >
> > > > Well, this may be something of a lost cause, but I would prefer that
> > > > chrome not listen for stuff I don't understand. It listens on port 5353 as
> > > > well, for mDNS, and I can block that easily enough. It's the socket without
> > > > a port that's giving me trouble.
> > >
> > > But a socket without a port is not listening on anything. It will not get
> > > any packets. It does not need to be filtered. This is how UDP works, it is
> > > a connectionless protocol.
> >
> > ok, thank you, I was confused because they show up in netstat -ln too. I
> > guess that's just historically how it behaves.
>
> I guess we should change that. Problem is that UDP does not support
> listen(2) and so there is no listening state. Should netstat exclude all
> of UDP when using -l or what should it show? Only sockets that are bound
> but not connected (local port != 0 but remote addr/port = 0)?
A listening socket is a socket that can "accept" new "connections" --
it's possible to send data to it from some new host (e.g. via sendto).
So
local_port != 0
remote_addr == NULL
is perfectly fine IMO.
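The rule proposed in the thread (show a UDP socket under netstat -l only when local port != 0 and no remote address is set) can be checked from userland with getsockname(2) and getpeername(2). The program below is an added illustration, not code from the thread or from OpenBSD's netstat; it builds the three cases discussed (an unbound socket like Chrome's port-less one, a bound socket, and a connected socket) on the loopback address and classifies each. The enum names, the helper names and the loopback addresses are my own choices.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* States a UDP socket can be in under the rule proposed in the thread:
 * "listening" means bound (local port != 0) but not connected. */
enum udp_state { UDP_ERROR = -1, UDP_UNBOUND = 0, UDP_LISTENING = 1, UDP_CONNECTED = 2 };

/* Apply the proposed netstat -l rule to one descriptor, using the userland
 * view of the socket's local and remote addresses. */
enum udp_state classify_udp(int fd)
{
    struct sockaddr_in local, remote;
    socklen_t len = sizeof(local);

    memset(&local, 0, sizeof(local));
    if (getsockname(fd, (struct sockaddr *)&local, &len) == -1)
        return UDP_ERROR;
    if (local.sin_port == 0)
        return UDP_UNBOUND;   /* no local port: no datagram can ever be delivered */

    len = sizeof(remote);
    memset(&remote, 0, sizeof(remote));
    if (getpeername(fd, (struct sockaddr *)&remote, &len) == -1)
        return errno == ENOTCONN ? UDP_LISTENING : UDP_ERROR;
    return UDP_CONNECTED;     /* remote set: only that peer's datagrams are delivered */
}

/* Create a loopback UDP socket. With do_bind the kernel picks an ephemeral
 * port (sin_port = 0); with a non-NULL peer the socket is connected to it
 * (connect(2) on an unbound UDP socket assigns a local port implicitly). */
int make_udp(int do_bind, const struct sockaddr_in *peer)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd == -1)
        return -1;
    if (do_bind) {
        struct sockaddr_in a;
        memset(&a, 0, sizeof(a));
        a.sin_family = AF_INET;
        a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        a.sin_port = 0;
        if (bind(fd, (struct sockaddr *)&a, sizeof(a)) == -1) {
            close(fd);
            return -1;
        }
    }
    if (peer != NULL && connect(fd, (const struct sockaddr *)peer, sizeof(*peer)) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Build the three cases from the thread and return 1 if each lands in the
 * expected state, 0 otherwise. */
int run_demo(void)
{
    struct sockaddr_in lis_addr;
    socklen_t len = sizeof(lis_addr);
    int unbound = -1, listening = -1, connected = -1, ok = 0;

    unbound = make_udp(0, NULL);     /* the port-less socket seen in netstat -ln */
    listening = make_udp(1, NULL);   /* bound, unconnected: reachable by anyone */
    if (unbound == -1 || listening == -1)
        goto out;
    if (getsockname(listening, (struct sockaddr *)&lis_addr, &len) == -1)
        goto out;
    connected = make_udp(0, &lis_addr); /* connected to the bound socket above */
    if (connected == -1)
        goto out;

    ok = classify_udp(unbound) == UDP_UNBOUND &&
         classify_udp(listening) == UDP_LISTENING &&
         classify_udp(connected) == UDP_CONNECTED;
out:
    if (unbound != -1) close(unbound);
    if (listening != -1) close(listening);
    if (connected != -1) close(connected);
    return ok;
}

int main(void)
{
    printf("proposed netstat -l rule holds: %s\n", run_demo() ? "yes" : "no");
    return 0;
}
```

The unbound socket reports local port 0 and is classified as unable to receive anything, which is the point made in the thread: there is nothing for pf to block on it. Only the bound-but-unconnected socket would appear under the proposed -l filter.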