How to specify outbound IP for specific applications on multiple venets? - vps

I'm having problems with proxy/relay applications such as a BNC. I have a CentOS 5.6 VPS with 2 IP addresses which are virtual adapters (venet0:0 and venet0:1) under venet0.
In these applications I can choose which IP address to bind to (IP address of venet0:1) but when they create an outbound connection, it is done through venet0:0.
These are my current settings (found using webmin):
Interfaces
Name      Type               IP Address       Netmask          Status
lo        Loopback           127.0.0.1        255.0.0.0        Up
          Loopback           ::1              128              Up
venet0    Unknown            127.0.0.1        255.255.255.255  Up
venet0:0  Unknown (Virtual)  xxx.xxx.xxx.xxx  255.255.255.255  Up
venet0:1  Unknown (Virtual)  xxx.xxx.xxx.yyy  255.255.255.255  Up
Route and Gateways
Destination    Gateway  Netmask      Interface
169.254.0.0    None     255.255.0.0  venet0
Default Route  None                  venet0
::1            ::       128          lo
Please can someone help me figure out how to configure the VPS?

Try to remove the default routes you do not want. The command ip route list should give you three entries. For example, on my Debian VPS, I get:
192.0.2.1 dev venet0 scope link
default via 192.0.2.1 dev venet0 src 10.15.4.62
default via 192.0.2.1 dev venet0 src 10.15.4.61
I want the VPS to use 10.15.4.61 for outgoing connections, not 10.15.4.62, so I type:
ip route del default via 192.0.2.1 dev venet0 src 10.15.4.62
Now I have a single default route, and my VPS will use the IP I want.
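The route cleanup described in this answer, as an added example that is not part of the original post: a helper that reads an `ip route list` listing and prints the `ip route del` commands for every default route whose src hint is not the address you want to keep. The names `plan_route_cleanup` and `SAMPLE_ROUTES` are hypothetical, and the sample listing is constructed from the one quoted in the answer.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed sample input, mirroring the listing quoted in the answer.
SAMPLE_ROUTES='192.0.2.1 dev venet0 scope link
default via 192.0.2.1 dev venet0 src 10.15.4.62
default via 192.0.2.1 dev venet0 src 10.15.4.61'

# plan_route_cleanup KEEP_SRC   (route listing on stdin)
# Prints one "ip route del ..." line for each default route whose src hint
# differs from KEEP_SRC. Default routes without a src hint are left alone.
# Returns 1 and prints nothing if no default route carries KEEP_SRC, because
# deleting the others would then leave the host with no usable default route.
plan_route_cleanup() {
    awk -v keep="$1" '
        $1 == "default" {
            src = ""
            # The src hint is the token that follows the word "src".
            for (i = 2; i < NF; i++) if ($i == "src") src = $(i + 1)
            if (src == keep) found = 1
            else if (src != "") del[++n] = $0
        }
        END {
            if (!found) exit 1
            for (i = 1; i <= n; i++) print "ip route del " del[i]
        }'
}

# Dry run on the sample: prints the command, does not change any route.
printf '%s\n' "$SAMPLE_ROUTES" | plan_route_cleanup 10.15.4.61
```

On a real host, feed it `ip route list` instead of the sample, review the printed commands before running them, and confirm the result with `ip route get <destination>`, which reports the src the kernel will use.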

Related

I need to block all but one IP address from access to Mongo running on my local Mac using packet filter

Could someone help me block all incoming traffic on my network which has port forwarding set up on the router to allow incoming requests on port 27017 to be sent to the Mac running Mongo internally except for one IP address which I can specify? I tried loading a new anchor file from /etc/pf.conf. In that file I've put the following:
rdr pass on lo0 inet proto udp from xxx.xxx.xxx.xxx to any port 27017 -> 127.0.0.1 port 27017
rdr pass on lo0 inet proto tcp from xxx.xxx.xxx.xxx to any port 27017 -> 172.0.0.1 port 27017
where xxx.xxx.xxx.xxx is the IP address I want to allow in. It does allow that address in, but I think I need to do something else to block all others. The documentation of this stuff is very dense. Any help would be appreciated.

Creating a virtual switch for Hyper-v stops host from receiving udp multicast

Basically my issue is that I am unable to receive multicast udp packets (streaming video) once I have created an external virtual switch via the Hyper-V manager which is required to provide the guest OS full networking.
If I use VLC and play an RTSP url on my host without a virtual switch then it plays without any issues, once I add the virtual switch I am no longer able to play the multicast RTSP url.
Back Story
I have created a couple docker services to run in an Ubuntu 16.04 VM environment on my Windows 10 Pro host via Hyper-v. My docker service needs to be able to receive multicast udp packets which I have successfully done using VirtualBox... but I want to use Hyper-v. Once I solve why my host isn't able to receive multicast then I'll move along and test to make sure my container is able to as well.
Info
When executing this show joins command while attempting to stream the multicast RTSP url then the 239.168.1.75 address on the virtual switch increases its reference count properly, then after VLC is closed, the reference count goes back down, so it looks like it's joining/leaving the group correctly.
netsh interface ip show joins
Interface 1: Loopback Pseudo-Interface 1
Scope References Last Address
---------- ---------- ---- ---------------------------------
0 0 Yes 224.0.0.251
0 4 Yes 239.255.255.250
Interface 28: vEthernet (New Virtual Switch)
Scope References Last Address
---------- ---------- ---- ---------------------------------
0 0 Yes 224.0.0.1
0 3 Yes 224.0.0.251
0 1 Yes 224.0.0.252
0 0 Yes 239.168.1.75
0 4 Yes 239.255.255.250
Interface 15: Local Area Connection* 5
Scope References Last Address
---------- ---------- ---- ---------------------------------
0 0 Yes 224.0.0.1
route print
===========================================================================
Interface List
15...00 ff 10 60 55 c4 ......Juniper Network Connect Virtual Adapter
28...9c eb e8 35 1a 1e ......Hyper-V Virtual Ethernet Adapter
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.138 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.138 281
192.168.1.138 255.255.255.255 On-link 192.168.1.138 281
192.168.1.255 255.255.255.255 On-link 192.168.1.138 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.138 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.138 281
===========================================================================
Persistent Routes:
None
Igmpquery (https://code.google.com/archive/p/igmpquery)
When using this tool I am able to query the network and get responses when the virtual switch is removed, but once it's added again, it fails.
With Virtual Switch
IGMP query generator V1.4
Project web site: http://code.google.com/p/igmpquery/
Requires WinPcap
\Device\NPF_{807EAC56-4C04-424D-9DDE-4411FB900E3C}
Description: Juniper Network Connect Virtual Adapter
Address Family Name: AF_INET
Address: 0.0.0.0
Netmask: 255.0.0.0
Broadcast Address: 0.0.0.0
IGMPv2 general query 0.0.0.0 -> 224.0.0.1
listening for responses ...
\Device\NPF_{27895664-EDF7-44E0-9753-E549EDCAD6E7}
Description: Realtek USB NIC
No Virtual Switch
IGMP query generator V1.4
Project web site: http://code.google.com/p/igmpquery/
Requires WinPcap
\Device\NPF_{807EAC56-4C04-424D-9DDE-4411FB900E3C}
Description: Juniper Network Connect Virtual Adapter
Address Family Name: AF_INET
Address: 0.0.0.0
Netmask: 255.0.0.0
Broadcast Address: 0.0.0.0
IGMPv2 general query 0.0.0.0 -> 224.0.0.1
listening for responses ...
\Device\NPF_{27895664-EDF7-44E0-9753-E549EDCAD6E7}
Description: Realtek USB NIC
Address Family Name: AF_INET
Address: 192.168.1.138
Netmask: 255.255.255.0
Broadcast Address: 0.0.0.0
IGMPv2 general query 192.168.1.138 -> 224.0.0.1
listening for responses ...
15:44:06.551 192.168.1.85 -> 224.0.0.252 IGMP Rpt 224.0.0.252
15:44:06.593 192.168.1.71 -> 224.0.0.251 IGMP Rpt 224.0.0.251
15:44:06.624 192.168.1.79 -> 224.0.0.252 IGMP Rpt 224.0.0.252
15:44:06.828 192.168.1.89 ->239.255.255.250 IGMP Rpt 239.255.255.250

I'm not 100% sure what the magic bullet was although it's now working.
Remove the virtual switch
Reset network settings
netsh winsock reset
netsh int ip reset
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh advfirewall set allprofiles state off
Reboot
Add virtual switch
Reboot
Now when running the igmp tool I was getting responses from my own PC from within the virtual switch but no other devices on my main network
Uninstalled VirtualBox
Seemingly no help
Get frustrated, go to sleep
Once I woke up the next day and ran the igmp tool I started receiving replies from devices on my main network outside the virtual switch
Tested streaming multicast and everything worked great

How to restart my network properly after binding two ips with single nic in debian?

I have bound two IPs to a single NIC (Network Interface Card) in Debian this way.
step 1:
vim /etc/network/interfaces into the following format:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
network 192.168.1.0
broadcast 192.168.1.255
auto eth0:1
iface eth0 inet static
address 192.168.1.101
netmask 255.255.255.0
gateway 192.168.1.1
network 192.168.1.0
broadcast 192.168.1.255
Now 192.168.1.100 and 192.168.1.100 are both bound to my local NIC.
step2:
vim /etc/network/ifstate into the following format:
lo=lo
eth0=eth0
eth0:1=eth0:1
It is time to restart my network now.
/etc/init.d/networking restart
[warn] Running /etc/init.d/networking restart is deprecated because it may not re-enable some interfaces ... (warning).
[....] Reconfiguring network interfaces...RTNETLINK answers: File exists
Failed to bring up eth0.
Ignoring unknown interface eth0:1=eth0:1.
done.
ifdown eth0 && ifup eth0
ifdown: interface eth0 not configured
RTNETLINK answers: File exists
Failed to bring up eth0.
The two IPs are bound to the single NIC when I reboot my PC.
I want to know the proper way to restart networking without rebooting.

Typically to stop/start/restart the network interface on Debian:
/etc/init.d/networking stop
/etc/init.d/networking start
/etc/init.d/networking restart
To verify changes after making changes and restarting:
ifconfig -a
https://wiki.debian.org/Bonding

pf NAT for local originated traffic

I am trying to proxy port 22 traffic, originated from my machine, so it will be proxied / forwarded to a remote server. This was very easy with ipfw but Yosemite has only pf...
Did anyone find out how to rdr on local (originated from the machine) traffic on OS X Yosemite?
This is not working!
# Custom pf Rules
#######################################
# target_ip is the ip of which I would like traffic to be proxied
target_ip = "10.0.0.2"
# porxy_ip is the proxy address
porxy_ip = "192.168.1.100"
rdr pass log on lo0 proto tcp from en0 to $target_ip port 80 -> $porxy_ip port 8080
pass out on en0 route-to lo0 inet proto tcp from en0 to $target_ip port 80 keep state
# End
Any advice?

Assign static local ip address to OS inside virtual machine with bridged connection

I have Windows 7 on my laptop, and Linux (Debian 7) inside VMware. I have set the Debian guest to have a bridged connection with the network. I am connected by wifi, and if the wifi modem is restarted the local IP address of the Debian guest changes, e.g. from 192.168.0.106 to 192.168.0.102. Is there a way to set the local IP address so it will always remain the same?
Thanks

You have to change your /etc/network/interfaces like this
and after that remember to restart your service using
sudo service networking restart

OK, found the solution
here is the source
http://www.cyberciti.biz/tips/howto-ubuntu-linux-convert-dhcp-network-configuration-to-static-ip-configuration.html
Basically, for Debian:
1) vim /etc/network/interfaces
2) comment/delete this line iface eth0 inet dhcp
3) add this
iface eth0 inet static
# this is the IP address you want to assign
address 192.168.1.106
netmask 255.255.255.0
network 192.168.1.0
