From owner-freebsd-questions@FreeBSD.ORG Fri Sep 16 06:17:05 2005
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CEB2C16A41F for ; Fri, 16 Sep 2005 06:17:05 +0000 (GMT) (envelope-from sysjo@hades.yoafrica.com)
Received: from cortizone.yoafrica.com (cortizone.yoafrica.com [196.44.176.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9367D43D48 for ; Fri, 16 Sep 2005 06:17:02 +0000 (GMT) (envelope-from sysjo@hades.yoafrica.com)
Received: from hades.yoafrica.com ([196.44.177.50] ident=postfix) by cortizone.yoafrica.com with esmtp (Exim 4.51 (FreeBSD)) id 1EG9Wm-000Gzo-EI; Fri, 16 Sep 2005 06:16:58 +0000
Received: by hades.yoafrica.com (Postfix, from userid 1001) id 27E7B6B04; Fri, 16 Sep 2005 08:16:48 +0200 (CAT)
Date: Fri, 16 Sep 2005 08:16:47 +0200
From: John Oxley
To: Boris Karloff
Message-ID: <20050916061647.GB65456@yoafrica.com>
References: <4329c0ec.244.232.3162@canada.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4329c0ec.244.232.3162@canada.com>
User-Agent: Mutt/1.5.10i
Cc: freebsd-questions@freebsd.org
Subject: Re: NMAP probing of network ports
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 16 Sep 2005 06:17:05 -0000

On Thu, Sep 15, 2005 at 01:43:56PM -0500, Boris Karloff wrote:
> Hello:
>
> How do I cause freeBSD 5.4 to not respond to an nmap
> inquiry? I have already tried creating a line in rc.firewall
> that says:
>
> ${fwcmd} deny all from any to any
> ${fwcmd} drop all from any to any
>
> I know these are active, since 1) I see them on the screen
> at startup, and 2) pinging from any computer to any computer
> results in a timeout.
>
> (both of these should drop all TCP packets; but apparently,
> they cause a RESET message to be sent.)

Umm, try putting the drop before the deny. AFAIK, drop just drops the
packet totally, and deny sends a RST back to the host. That is if ipfw
works that way (ICBW).

You don't need both these lines anyway, only one of them.

-John
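An added rc.firewall-style fragment, written for this page and not taken from the thread or from FreeBSD's own rc.firewall, to show the ipfw(8) semantics the exchange above turns on. In ipfw, `deny` and `drop` are the same action: the packet is discarded and nothing is sent back. The action that answers TCP with an RST is `reset`. Rules are evaluated in ascending rule-number order and the first match wins, so a catch-all deny only takes effect for packets that no earlier rule has already allowed; a SYN that reaches the TCP stack without matching any firewall rule is answered by the kernel itself with an RST when no listener is bound to that port. The rule numbers, the management network, the interface name and the fallback of `fwcmd` to a dry-run `echo` when ipfw is not installed are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread, not FreeBSD's rc.firewall).
# rc.firewall sets ${fwcmd} to the ipfw binary; outside FreeBSD this
# falls back to a dry run that only prints the rules it would load.
fwcmd=${fwcmd:-$(command -v ipfw 2>/dev/null || echo "echo ipfw")}

# Hypothetical management network that may still open ssh sessions;
# everything else is discarded without any reply.
mgmt_net="192.0.2.0/24"   # constructed RFC 5737 documentation range

load_silent_drop_rules() {
    ${fwcmd} -f flush

    # ipfw tries rules in ascending number order and stops at the first
    # match, so the traffic that must survive is numbered below the
    # catch-all, and the catch-all carries the highest number.
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 200 allow tcp from ${mgmt_net} to me 22 setup keep-state
    ${fwcmd} add 210 check-state

    # "deny" and "drop" are one and the same action in ipfw(8): the packet
    # is discarded and nothing is sent back, which is what makes a probed
    # port show as "filtered" rather than "closed".  A second copy of this
    # rule would never be reached.  "log" records each drop through syslog
    # (facility security, /var/log/security on a default FreeBSD install)
    # once net.inet.ip.fw.verbose=1, which is how you see the probes.
    ${fwcmd} add 65000 deny log ip from any to any

    # This is the action that actively answers TCP with an RST; it is
    # listed only so the two are not confused and is left disabled.
    # ${fwcmd} add 65000 reset tcp from any to any
}

# Self-check usable in dry-run mode: the rule with the highest number
# must be the deny, otherwise some later rule could still admit traffic.
highest_rule_is_deny() {
    load_silent_drop_rules | awk '
        $2 == "add" && $3 + 0 > max { max = $3 + 0; action = $4 }
        END { print (action == "deny") ? "yes" : "no" }'
}

# Usage on FreeBSD (as root): . ./silent_drop.sh; load_silent_drop_rules
# then, while probing from another host, `ipfw -a list` should show the
# packet counter of rule 65000 growing and no RSTs leaving the box.
```

Only functions are defined at top level, so sourcing the file changes nothing until `load_silent_drop_rules` is called; on a machine without ipfw the same call prints the rule set instead, which is what the self-check reads.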