From owner-freebsd-questions Thu Apr 13 10:54:49 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13]) by hub.freebsd.org (Postfix) with ESMTP id 3F66237BB2D for ; Thu, 13 Apr 2000 10:54:39 -0700 (PDT) (envelope-from ben@scientia.demon.co.uk)
Received: from strontium.scientia.demon.co.uk ([192.168.91.36] ident=exim) by scientia.demon.co.uk with esmtp (Exim 3.12 #1) id 12fmfS-000H5f-00; Thu, 13 Apr 2000 17:40:34 +0100
Received: (from ben) by strontium.scientia.demon.co.uk (Exim 3.12 #7) id 12fmfS-000ONZ-00; Thu, 13 Apr 2000 17:40:34 +0100
Date: Thu, 13 Apr 2000 17:40:34 +0100
From: Ben Smithurst
To: Sean-Paul Rees
Cc: questions@freebsd.org
Subject: Re: Refuse versus Filter
Message-ID: <20000413174034.A60798@strontium.scientia.demon.co.uk>
References: <20000412220432.A1974@dreamfire.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000412220432.A1974@dreamfire.net>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Sean-Paul Rees wrote:

> I have several ipfw rules to protect some potentially vulnerable services
> from being exploited from the outside. However, when I do an nmap, all the
> ports that I block show up as filtered.
>
> Is there a way to get a "Connection refused" effect with ipfw instead of a
> connection just hanging?

Look at the "reset" action in ipfw. I'm no TCP/IP expert, but I think this
will only work for connections to the firewall host, i.e. I don't think you
can use "reset" for connection attempts to internal hosts. I may be wrong
though. (It sends a RST, which is presumably only significant to the TCP
sender if the RST's source address matches the attempted connection's
destination.)

Also look at something like "unreach port".
-- 
Ben Smithurst / ben@scientia.demon.co.uk / PGP: 0x99392F7D
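The point of the thread is which ipfw action makes a scanner report a blocked port as "closed" rather than "filtered". The model below is an added example, not code from the original message or from the ipfw/nmap projects. It encodes nmap's documented port-state rules for a TCP SYN scan (SYN/ACK = open, RST = closed, no answer or an ICMP unreachable of type 3 code 1/2/3/9/10/13 = filtered) and for a UDP scan (ICMP type 3 code 3 = closed, other listed unreachables = filtered, silence = open|filtered), and a deliberately simplified firewall that turns an ipfw action into a reply: "deny" drops, "reset" answers TCP with a RST (ipfw(8) says reset only applies to TCP), "unreach port" answers with ICMP type 3 code 3. The `rst_src` knob is an assumption used only to illustrate Ben's worry: a RST whose source address is not the address the probe was sent to does not match the connection's 4-tuple, so the scanner's TCP stack ignores it and the port still reads as filtered. One caveat the model makes visible: for a TCP SYN scan, "unreach port" still shows up as filtered, because nmap treats ICMP unreachables as filtering; only a matching RST yields "closed". For UDP the same ICMP message is what nmap calls closed.

```python
"""Model of how nmap classifies the replies that ipfw actions produce.

Constructed example; the firewall behaviour is a simplification of ipfw(8)
and the scanner rules follow nmap's documented SYN/UDP state tables.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# ICMP type 3 codes that nmap treats as evidence of filtering.
ICMP_FILTER_CODES = {1, 2, 3, 9, 10, 13}


@dataclass(frozen=True)
class Probe:
    proto: str        # "tcp" (SYN probe) or "udp"
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Reply:
    kind: str         # "synack", "rst", "udp", "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: int = 0
    icmp_code: int = 0


def ipfw_reply(action: str, probe: Probe, fw_addr: str,
               rst_src: Optional[str] = None) -> Optional[Reply]:
    """Reply emitted when a probe hits a rule with the given ipfw action.

    deny          -> packet silently dropped (no reply)
    reset         -> TCP RST, TCP only; non-TCP is just dropped (ipfw(8))
    unreach port  -> ICMP type 3 code 3 from the firewall's own address
    rst_src is an assumption for illustration: the address the RST claims
    to come from. Defaults to the probe's destination.
    """
    if action == "deny":
        return None
    if action == "reset":
        if probe.proto != "tcp":
            return None
        return Reply("rst", src=rst_src or probe.dst, dst=probe.src,
                     sport=probe.dport, dport=probe.sport)
    if action == "unreach port":
        return Reply("icmp", src=fw_addr, dst=probe.src,
                     icmp_type=3, icmp_code=3)
    raise ValueError(f"unknown ipfw action: {action!r}")


def rst_matches(probe: Probe, reply: Reply) -> bool:
    """A RST is only meaningful if its 4-tuple mirrors the probe's."""
    return (reply.kind == "rst"
            and reply.src == probe.dst and reply.dst == probe.src
            and reply.sport == probe.dport and reply.dport == probe.sport)


def nmap_syn_state(probe: Probe, reply: Optional[Reply]) -> str:
    """nmap -sS port state for one TCP SYN probe."""
    if reply is None:
        return "filtered"                       # no answer after retries
    if reply.kind == "synack":
        return "open"
    if reply.kind == "rst":
        return "closed" if rst_matches(probe, reply) else "filtered"
    # ICMP unreachable (listed codes) and anything else: filtered
    return "filtered"


def nmap_udp_state(probe: Probe, reply: Optional[Reply]) -> str:
    """nmap -sU port state for one UDP probe."""
    if reply is None:
        return "open|filtered"
    if reply.kind == "udp":
        return "open"
    if reply.kind == "icmp" and reply.icmp_type == 3:
        if reply.icmp_code == 3:
            return "closed"
        if reply.icmp_code in ICMP_FILTER_CODES:
            return "filtered"
    return "open|filtered"


def nmap_state(probe: Probe, reply: Optional[Reply]) -> str:
    return nmap_syn_state(probe, reply) if probe.proto == "tcp" \
        else nmap_udp_state(probe, reply)


def scan_matrix() -> Dict[str, str]:
    """What a scanner at 198.51.100.9 sees for each action, per protocol.

    Addresses and ports are constructed for the example; the firewall is
    203.0.113.1 and the protected host behind it is 203.0.113.10.
    """
    fw, inside, scanner = "203.0.113.1", "203.0.113.10", "198.51.100.9"
    results: Dict[str, str] = {}
    for proto in ("tcp", "udp"):
        probe = Probe(proto, scanner, inside, 40000, 25)
        for action in ("deny", "reset", "unreach port"):
            results[f"{action}/{proto}"] = nmap_state(
                probe, ipfw_reply(action, probe, fw))
    # Ben's concern: a RST that carries the firewall's address instead of
    # the internal host's does not match the probe and is ignored.
    tcp_probe = Probe("tcp", scanner, inside, 40000, 25)
    results["reset/tcp (RST from firewall address)"] = nmap_state(
        tcp_probe, ipfw_reply("reset", tcp_probe, fw, rst_src=fw))
    return results


if __name__ == "__main__":
    for case, state in scan_matrix().items():
        print(f"{case:45s} -> {state}")
```

Running it prints one line per case; the TCP rows show that only a RST with the right source address produces "closed", while both "deny" and "unreach port" leave a SYN scan reporting "filtered".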