From owner-freebsd-questions Thu Apr 13 13:57:17 2000
Date: Thu, 13 Apr 2000 16:57:24 +0300
From: Giorgos Keramidas
To: Sean-Paul Rees
Cc: questions@FreeBSD.ORG
Subject: Re: Refuse versus Filter
Message-ID: <20000413165724.B25700@hades.hell.gr>
Reply-To: keramida@ceid.upatras.gr
References: <20000412220432.A1974@dreamfire.net>
In-Reply-To: <20000412220432.A1974@dreamfire.net>; from sean@dreamfire.net on Wed, Apr 12, 2000 at 10:04:32PM -0700
X-PGP-Fingerprint: 62 45 D1 C9 26 F9 95 06 D6 21 2A C8 8C 16 C0 8E

On Wed, Apr 12, 2000 at 10:04:32PM -0700, Sean-Paul Rees wrote:
>
> I have several ipfw rules to protect some potentially vulnerable
> services from being exploited from the outside. However, when I do a
> nmap, all the ports that I block show up as filtered.
>
> Is there a way to get a "Connection refused" effect with ipfw instead
> of a connection just hanging?

If they're UDP based services, like remote logging of syslogd, you
can safely drop the packets and forget about them, i.e.

	# drop all packets destined to our syslogd
	deny udp from any to any 514

If they're TCP based services, you can return an RST packet to tell
the other end that the port they're trying to connect to is not
`open'.

	# drop all requests to identd service
	reset tcp from any to any 113 setup

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public pgp key: finger keramida@diogenis.ceid.upatras.gr
See the headers of this message for the key finger-print.
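
The difference between a `deny` rule and a `reset` rule as a TCP client sees it, as an added example that is not part of the original message: a small checker that classifies each port the way the question describes (refused versus hanging) and reports ports that do not match what the ruleset is meant to produce. The function names, the 3-second timeout and the 192.0.2.10 target are assumptions made for illustration.

```python
import errno
import socket

# connect() results grouped by what came back from the target.
REFUSED = {errno.ECONNREFUSED}            # RST received: "reset" rule, or no listener
SILENT = {errno.ETIMEDOUT, errno.EAGAIN,  # no answer before the timeout: "deny" rule
          errno.EWOULDBLOCK,
          errno.EHOSTUNREACH, errno.ENETUNREACH}  # ICMP unreachable returned


def verdict_from_errno(err):
    """Map a connect_ex() result to 'open', 'closed' or 'filtered'."""
    if err == 0:
        return "open"
    if err in REFUSED:
        return "closed"
    if err in SILENT:
        return "filtered"
    return "error:" + errno.errorcode.get(err, str(err))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect to host:port and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex() returns an errno value instead of raising; a timed-out
        # attempt comes back as EAGAIN/EWOULDBLOCK.
        return verdict_from_errno(s.connect_ex((host, port)))


def check_rules(host, expected, timeout=3.0):
    """Return {port: (expected, observed)} for every port that differs."""
    mismatches = {}
    for port, want in sorted(expected.items()):
        got = probe(host, port, timeout)
        if got != want:
            mismatches[port] = (want, got)
    return mismatches


if __name__ == "__main__":
    # Constructed placeholder target (TEST-NET-1); replace with your own host.
    # With the "reset tcp ... 113 setup" rule loaded, identd should read as closed.
    for port, (want, got) in check_rules("192.0.2.10", {113: "closed"}).items():
        print("port %d: expected %s, observed %s" % (port, want, got))
```

Run it from a machine outside the firewall, since probes from the protected host itself do not traverse the same rules.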