Date: Tue, 6 Oct 2009 18:22:41 +0200
From: "文鳥" <bunchou@googlemail.com>
To: "Helmut Schneider" <jumper99@gmx.de>
Cc: Nico De Dobbeleer <nico@elico-it.be>, freebsd-pf@freebsd.org
Subject: Re: freebsd-pf Stealth Modus
Message-ID: <20091006182241.79d16c8c@centaur.5550h.net>
In-Reply-To: <49F0693DC96541B4B9D7B61599A12CA4@vpe.de>
References: <6422287.58441254834893591.JavaMail.root@zimbra-store> <49F0693DC96541B4B9D7B61599A12CA4@vpe.de>
On Tue, 6 Oct 2009 17:23:09 +0200 "Helmut Schneider" <jumper99@gmx.de> wrote:
> From: "Nico De Dobbeleer" <nico@elico-it.be>
> > I just finished installing FreeBSD 7.x with pf in transparent
> > bridging mode as the servers behind the firewall need to have a
> > public IP address. Now everything is working fine and the FW is
> > doing its job as it should. When I nmap the FW I see the open
> > ports and closed ports. Is there a way to get the FW running in
> > stealth mode so that it isn't possible anymore with nmap or any other
> > scanning tool to see the open or closed ports?
>
> There is no "stealth". If a service responds to a request the port is
> "open". If not it's closed.
>
> Helmut

There is: just use "block drop" in your pf config or "set block-policy drop"
(see man 5 pf.conf). This effectively stops sending TCP RST or UDP unreach
packets.
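As an added illustration of the two block policies discussed above (this is an example written for this page, not a configuration posted by anyone in the thread), the pf.conf fragment below shows the default "return" behaviour commented out next to the "drop" setting, plus the per-rule "block return" override. The interface names em0/em1 and the 192.0.2.x server addresses are placeholders; adjust them to the actual bridge members and hosts.

```pf
# Added example, not from the original thread. Minimal pf.conf for a
# FreeBSD filtering bridge. Interface names and addresses are assumed
# placeholders (192.0.2.0/24 is the documentation range, not real hosts).
ext_if  = "em0"                          # upstream-facing bridge member
int_if  = "em1"                          # server-facing bridge member
servers = "{ 192.0.2.10, 192.0.2.11 }"   # public addresses of bridged servers

# Default policy: a blocked TCP packet is answered with RST and a blocked
# UDP packet with an ICMP unreachable, so a scanner can tell "closed" from
# "filtered". Left commented out for comparison.
# set block-policy return

# Quiet policy: blocked packets are silently discarded. A scanner sees
# every blocked port as "filtered" and has to wait for its own timeouts.
set block-policy drop
set skip on lo0

# Default deny on the outside, logging what gets dropped.
block in log on $ext_if all

# Per-rule override: on the inside, keep returning RST/unreach so local
# clients fail fast instead of hanging on a silently dropped packet.
block return in on $int_if all

# Only the services that are meant to be reachable from outside.
pass in on $ext_if proto tcp to $servers port { 80, 443 } \
    flags S/SA keep state

# Let the servers open outbound connections; replies flow back through
# the floating state entries pf creates for them.
pass in on $int_if from $servers keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. Note what the drop policy does and does not change: ports that pf blocks stop being reported as "closed" and show up as "filtered" instead, but a port that a passed service actually answers on is still "open", exactly as the earlier reply in the thread says. Dropping also costs legitimate clients a timeout where they used to get an immediate RST, which is why the example keeps "block return" on the inside interface.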
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091006182241.79d16c8c>