freebsd-pf Stealth Modus
文鳥
bunchou at googlemail.com
Tue Oct 6 16:43:59 UTC 2009
On Tue, 6 Oct 2009 17:23:09 +0200
"Helmut Schneider" <jumper99 at gmx.de> wrote:
> From: "Nico De Dobbeleer" <nico at elico-it.be>
> > I just finished installing FreeBSD 7.x with pf in transparent
> > bridging mode as the servers behind the firewall need to have a
> > public IP address. Now everything is working fine and the FW is
> > doing its job as it should be. When I nmap the FW I see the open
> > ports and closed ports. Is there a way to get the FW running in
> > stealth mode so that it isn't possible anymore with nmap or any other
> > scanning tool to see the open or closed ports?
>
> There is no "stealth". If a service responds to a request the port is
> "open". If not it's closed.
>
> Helmut
There is: just use "block drop" in your pf config or "set block-policy
drop" (see man 5 pf.conf). This effectively stops sending TCP RST or
UDP unreach packets.
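
Added example (not part of the original message or the thread): a pf.conf fragment showing the two forms mentioned in the reply above, the global "set block-policy drop" and the per-rule "block drop". The interface name em0 and the address 192.0.2.10 are constructed placeholders for the outside-facing bridge member and one protected server.

```pf
# Added example; em0 and 192.0.2.10 are constructed placeholders.
ext_if = "em0"
server = "192.0.2.10"

# Global default: a bare "block" silently discards the packet instead of
# answering with a TCP RST or an ICMP unreachable.
set block-policy drop

# Default deny. No action keyword on the rule, so it inherits "drop"
# from block-policy above.
block in on $ext_if all

# Per-rule form: the action written on the rule overrides block-policy.
# "quick" stops evaluation here, so the pass rule below cannot re-open it.
block drop in quick on $ext_if proto tcp from any to $server port 23

# Published service: passed traffic reaches the server, which completes
# the handshake, so this port is still reported as open by a scan.
pass in on $ext_if proto tcp from any to $server port 80 flags S/SA keep state
```

With this policy, blocked ports stop answering, so a scanner reports them as filtered rather than closed; ports that are passed to a listening service remain visible as open.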