From: "Jeremiah Gowdy"
Delivered-To: freebsd-security@freebsd.org
Subject: FreeBSD IPFW
Date: Mon, 15 Oct 2001 11:07:59 -0700

I'm using FreeBSD 4.4-STABLE with my transparent bridge/firewall setup to protect my network. I'm wondering why ipfw is returning packets, which I assume it's doing, when it filters a particular port like this: "139/tcp filtered netbios-ssn" result from an nmap scan. I would rather, like blackhole, just silently drop the packet, which causes the port scanner to lag all to hell and wait for the response timeout. Of course I have blackhole turned on, and that works for the FreeBSD box itself, but it does not work for the packets blocked by ipfw.

Is there an IPFW option to drop a packet silently with no RST or ICMP returned (or anything else)?

Thanks.

___________________________________________
Jeremiah Gowdy
IT Manager - Senior Network Administrator
Sherline Products Inc
3235 Executive Ridge
Vista CA 92083-8527
IT Dept: 760-727-9492
Sales: 1-800-541-0735
International: (760) 727-5857
Fax: (760) 727-7857
___________________________________________