# Oident on PF.



## concept (Mar 7, 2012)

Hi, what is the best rule to block incoming connections to port 113? I'm running the oidentd service for IRC and have this rule in my pf.conf:


```
pass in on em0 proto { tcp, udp } from { 208.83.20.130 130.237.188.216 194.109.20.90 } to port 113 keep state
```

The IPs are the addresses of the allowed IRC servers. The problem is I can still telnet to my FreeBSD host on port 113.

Thanks in advance.


----------



## razrx (Mar 7, 2012)

There should also be a block rule.


----------



## concept (Mar 7, 2012)

I have this on my first line to block all by default.


```
# Block all
block in log all
```


----------



## razrx (Mar 7, 2012)

```
block in on em0 proto { tcp, udp } from any to any port 113
pass in on em0 proto { tcp, udp } from { 208.83.20.130 130.237.188.216 194.109.20.90 } to port 113
```

As long as you're not using the quick parameter, pf(4) uses last match wins for rule processing.
You can lose the keep state; pf(4) uses that by default.


----------



## kpa (Mar 7, 2012)

Do you actually need to have an identd service? I'm just returning an RST to any legit-looking queries from IRC servers (at the moment legit means from my own country) and just stealthing the port for everyone else.

```
block return-rst in log quick on $WAN proto tcp from $IP_FINLAND to any port auth
```


----------
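The two rule-ordering points made in the thread (razrx's "last match wins" and kpa's `quick` block) can be checked with a small model of pf's evaluation order. This is an added example, not code from the thread or from pf itself; it only models source address, destination port, action and `quick` (no direction, interface, protocol or state), and the non-IRC addresses and the stand-in for `$IP_FINLAND` are constructed.

```python
"""Toy model of pf(4) rule evaluation for inbound packets: the last matching
rule wins, unless a matching rule carries 'quick', which ends evaluation."""
from dataclasses import dataclass, field
from typing import List, Optional, Set

@dataclass
class Rule:
    action: str                       # "pass", "block" (drop) or "block return-rst"
    port: Optional[int] = None        # None matches any destination port
    src: Set[str] = field(default_factory=set)  # empty set matches any source
    quick: bool = False

def evaluate(rules: List[Rule], src_ip: str, dst_port: int) -> str:
    """Return the action pf would apply to a packet from src_ip to dst_port."""
    result = "pass"                   # pf's implicit default when nothing matches
    for r in rules:
        if r.port is not None and r.port != dst_port:
            continue
        if r.src and src_ip not in r.src:
            continue
        result = r.action             # a later match overrides an earlier one
        if r.quick:
            break                     # 'quick': stop evaluating further rules
    return result

IRC_SERVERS = {"208.83.20.130", "130.237.188.216", "194.109.20.90"}
OTHER = "198.51.100.7"                # constructed sample address (TEST-NET-2)

# razrx's ordering: default block, explicit block on 113, then the pass for
# the allowed IRC servers. The pass is the last match for those servers only.
RAZRX = [Rule("block"),
         Rule("block", port=113),
         Rule("pass", port=113, src=IRC_SERVERS)]

# Same rules with the pass placed before the block on 113: the block is now
# the last match, so even the IRC servers are refused.
WRONG_ORDER = [Rule("block"),
               Rule("pass", port=113, src=IRC_SERVERS),
               Rule("block", port=113)]

# kpa's approach: 'block return-rst ... quick' for a chosen set of sources.
# A broader pass on 113 is added after it (constructed, not in kpa's post)
# to show that 'quick' prevents any later rule from overriding the RST.
SOME_NET = {"203.0.113.5"}            # constructed stand-in for $IP_FINLAND
KPA_STYLE = [Rule("block"),
             Rule("block return-rst", port=113, src=SOME_NET, quick=True),
             Rule("pass", port=113)]
```

Running `evaluate(RAZRX, OTHER, 113)` against `evaluate(RAZRX, "208.83.20.130", 113)` shows the refused and allowed cases side by side; swapping to `WRONG_ORDER` refuses the IRC servers too.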

