From owner-freebsd-pf@FreeBSD.ORG  Tue Oct  6 15:49:52 2009
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DD04B106566B
	for <freebsd-pf@freebsd.org>; Tue,  6 Oct 2009 15:49:52 +0000 (UTC)
	(envelope-from jumper99@gmx.de)
Received: from mail.gmx.net (mail.gmx.net [213.165.64.20])
	by mx1.freebsd.org (Postfix) with SMTP id 2BA728FC0C
	for <freebsd-pf@freebsd.org>; Tue,  6 Oct 2009 15:49:51 +0000 (UTC)
Received: (qmail invoked by alias); 06 Oct 2009 15:23:10 -0000
Received: from unknown (EHLO wsa096) [91.205.197.96]
	by mail.gmx.net (mp018) with SMTP; 06 Oct 2009 17:23:10 +0200
X-Authenticated: #682707
X-Provags-ID: V01U2FsdGVkX19YIAgd1axYMCWmeSfs+4ondrg8iMLuSUCXV0bYkK
	Q/c07oz2HGdsKN
Message-ID: <49F0693DC96541B4B9D7B61599A12CA4@vpe.de>
From: "Helmut Schneider" <jumper99@gmx.de>
To: "Nico De Dobbeleer" <nico@elico-it.be>,
	<freebsd-pf@freebsd.org>
References: <6422287.58441254834893591.JavaMail.root@zimbra-store>
Date: Tue, 6 Oct 2009 17:23:09 +0200
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="UTF-8"; reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.72
Cc: 
Subject: Re: freebsd-pf Stealth Modus
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Oct 2009 15:49:52 -0000

From: "Nico De Dobbeleer" <nico@elico-it.be>
> I just finished installing FreeBSD 7.x with pf in transparant bridging
> mode as the servers behind the firewall need to have an public
> ipaddress.  Now is everything working fine and the FW is doing his job as
> it should be. When I nmap the FW I see the open ports and closed ports.
> Is there a way the get the FW running in stealth mode so that isn't
> possible anymore with nmap or any other scanning tool to see the open or
> closed ports?

There is no "stealth". If a service responds to a request the port is 
"open". If not it's closed.

Helmut