Date:      Mon, 15 Oct 2001 11:07:59 -0700
From:      "Jeremiah Gowdy" <jgowdy@home.com>
To:        <security@freebsd.org>
Subject:   FreeBSD IPFW
Message-ID:  <007f01c155a4$53166a60$03e2cbd8@server>

I'm using FreeBSD 4.4-STABLE with my transparent bridge/firewall setup to
protect my network.  I'm wondering why ipfw is returning packets, which I
assume it's doing, when it filters a particular port like this:

"139/tcp    filtered    netbios-ssn"

result from an nmap scan.  I would rather, like blackhole, just silently
drop the packet, which causes the port scanner to lag all to hell and wait
for the response timeout.  Of course I have blackhole turned on, and that
works for the FreeBSD box itself, but it does not work for the packets
blocked by ipfw.  Is there an IPFW option to drop a packet silently with no
RST or ICMP returned (or anything else)?

Thanks.
___________________________________________
Jeremiah Gowdy

IT Manager - Senior Network Administrator

Sherline Products Inc
3235 Executive Ridge
Vista CA 92083-8527

IT Dept: 760-727-9492
Sales: 1-800-541-0735
International: (760) 727-5857
Fax: (760) 727-7857
___________________________________________



