#2... sorry typing error Re: port stealth mode?

Max Laier max at love2party.net
Wed Aug 20 21:55:39 UTC 2008


On Wednesday 20 August 2008 19:16:11 Leslie Jensen wrote:
> Jeremy Chadwick skrev:
> > On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
> >> I've done some testing with Steve Gibson's "Shields up"
> >> https://www.grc.com/x/ne.dll?bh0bkyd2
> >>
> >> These tests list the ports as closed but visible.
> >>
> >> Instead the site suggests that one uses stealth so that the ports are not
> >> visible from the Internet.
> >>
> >> Is there a way to achieve this with PF?
> >
> > The "block" directive, along with "set block-policy drop" should suffice
> > for accomplishing this in pf.
>
> Thank you Jeremy.
>
> I had "return" instead of "drop".
>
> Now when I do the test the ports 0, 1 and 53 are closed, not dropped.

This might be your ISP "helping" ... i.e. they filter your traffic in order to 
protect against stupid Windows worms or enforce a policy ("you must not run a 
DNS server here").  If you can, try tcptracing from outside to see if the RSTs 
really come from your pf box or from an ISP firewall (though that fact might 
be obfuscated, too).

> I do not have any rules to allow these ports.
>
> Any suggestions on what might be the reason for this?

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
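A minimal pf.conf showing the block-policy change discussed in the thread, added here as an illustration and not taken from any of the posters; the interface name em0 and the single ssh pass rule are assumptions.

```pf
# Assumed external interface (not from the thread).
ext_if = "em0"

# Weak setting: blocked TCP packets get a RST and blocked UDP packets get an
# ICMP unreachable, so a scanner sees the ports as "closed but visible".
# set block-policy return

# Corrected setting: blocked packets are silently dropped, which is what
# "Shields Up" reports as stealth.  Options must precede the filter rules.
set block-policy drop
set skip on lo0

scrub in all

# Default deny inbound; log so drops can be inspected on pflog0.
block in log all

# Allow outbound traffic and keep state so replies are admitted.
pass out quick on $ext_if keep state

# Example of an explicitly permitted inbound service (assumed).
pass in on $ext_if proto tcp to ($ext_if) port ssh keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch `tcpdump -n -e -ttt -i pflog0` while probing from outside: if packets are logged as blocked yet the probe still reports "closed", the RSTs are coming from somewhere upstream, as Max suggests.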