Date: Thu, 13 Apr 2000 17:40:34 +0100
From: Ben Smithurst <ben@scientia.demon.co.uk>
To: Sean-Paul Rees <sean@dreamfire.net>
Cc: questions@freebsd.org
Subject: Re: Refuse versus Filter
Message-ID: <20000413174034.A60798@strontium.scientia.demon.co.uk>
In-Reply-To: <20000412220432.A1974@dreamfire.net>
References: <20000412220432.A1974@dreamfire.net>

Sean-Paul Rees wrote:

> I have several ipfw rules to protect some potentially vulnerable services
> from being exploited from the outside. However, when I do a nmap, all the
> ports that I block show up as filtered.
>
> Is there a way to get a "Connection refused" effect with ipfw instead of a
> connection just hanging?

Look at the "reset" action in ipfw. I'm no TCP/IP expert, but I think
this will only work for connections to the firewall host, i.e. I don't
think you can use "reset" for connection attempts to internal hosts. I
may be wrong though. (It sends a RST, which is presumably only
significant to the TCP sender if the RST's source address matches the
attempted connection's destination.)

Also look at something like "unreach port".

-- 
Ben Smithurst / ben@scientia.demon.co.uk / PGP: 0x99392F7D
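
The three ipfw actions discussed in this thread, side by side, as an added example that is not part of the original message. It is written as a rule file of the kind `ipfw` can load from a pathname; the interface name `fxp0`, the rule numbers and the port numbers are assumptions chosen for illustration, and the rules are meant for a single host protecting its own services.

```conf
# Constructed example rule file (load with: ipfw /path/to/this/file).
# fxp0, the rule numbers and the ports are assumptions for illustration.

# 1. Silent drop. The client's SYN gets no answer at all, so connect()
#    hangs until it times out. This is the behaviour described in the
#    question, where the blocked ports show up as "filtered".
add 1000 deny tcp from any to any 6000 in via fxp0

# 2. "reset": drop the packet and try to send a TCP RST back to the
#    sender. The client sees the same reply it would get from a port
#    with no listener, i.e. an immediate "Connection refused".
#    TCP only; a RST means nothing to other protocols.
add 1100 reset tcp from any to any 111 in via fxp0

# 3. "unreach port": drop the packet and send an ICMP port-unreachable
#    message. This is the usual closed-port reply for UDP, so it is the
#    natural counterpart to "reset" for UDP services.
add 1200 unreach port udp from any to any 111 in via fxp0

# Ordering matters: ipfw stops at the first matching deny/reset/unreach
# rule, so each of these must appear before any broader allow rule that
# would otherwise accept the same traffic.
```

After loading, `ipfw show` lists each rule with its packet and byte counters, which confirms whether the reset and unreach rules are the ones actually matching the blocked traffic.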