Date:      Mon, 15 Oct 2001 15:23:42 -0400
From:      Pierre-Luc Lespérance <ghislainl@videotron.ca>
To:        security@freebsd.org
Subject:   Re: FreeBSD IPFW
Message-ID:  <200110151923.f9FJNgh84725@oksala.org>
References:  <007f01c155a4$53166a60$03e2cbd8@server>

Jeremiah Gowdy wrote:
> 
> I'm using FreeBSD 4.4-STABLE with my transparent bridge/firewall setup to
> protect my network.  I'm wondering why ipfw is returning packets, which I
> assume it's doing, when it filters a particular port like this:
> 
> "139/tcp    filtered    netbios-ssn"
> 
> result from an nmap scan.  I would rather, like blackhole, just silently
> drop the packet, which causes the port scanner to lag all to hell and wait
> for the response timeout.  Of course I have blackhole turned on, and that
> works for the FreeBSD box itself, but it does not work for the packets
> blocked by ipfw.  Is there an IPFW option to drop a packet silently with no
> RST or ICMP returned (or anything else) ?
> 

I tried IPFilter with net.inet.tcp.blackhole and some return-icmp.
First I sent "destination unreachable" using this rule:

block return-icmp(3) in quick on ed0 proto tcp from any to any port = 21

And I used nmap, and it showed:
21/tcp     closed      ftp

And after that I tried "IP header bad":

block return-icmp(12) in quick on ed0 proto tcp from any to any port = 21

and it wasn't shown in the nmap (2.54BETA29) report.

I don't know if it's what you want, and I KNOW that IPFilter isn't IPFW!
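The exchange above is about what a port scanner sees for each of the three things a packet filter can do with a SYN to a blocked port: drop it silently, answer with a TCP RST, or answer with an ICMP unreachable. The following simulation is an added example and is not code from the thread or from IPFilter/ipfw. It models, with made-up timing constants, how a SYN scanner classifies one port from the filter's answer and why a silent drop makes the scanner wait out its probe timeout while RST or ICMP answer immediately. The state names follow the current nmap reference guide's -sS rules; the comments map each policy to the corresponding ipfw action (deny, reset, unreach) and IPFilter action (block, block return-rst, block return-icmp).

```python
"""Simulated SYN-scan probes against three firewall policies.

Added example, not code from the original thread.  Timing constants are
assumed; port states follow the nmap reference guide's -sS mapping.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple

PROBE_TIMEOUT = 1.0   # assumed: seconds the scanner waits for a reply to one probe
RTT = 0.01            # assumed: round-trip time on the simulated link

# ICMP type 3 codes that nmap reports as "filtered": net/host/port unreachable,
# net/host admin-prohibited and communication admin-prohibited.
FILTERED_ICMP_CODES = {1, 2, 3, 9, 10, 13}


class Policy(Enum):
    """What the packet filter does with an inbound SYN to a blocked port."""
    DROP = "drop"        # ipfw: deny       | ipf: block                -> nothing sent back
    RESET = "reset"      # ipfw: reset      | ipf: block return-rst     -> TCP RST
    UNREACH = "unreach"  # ipfw: unreach N  | ipf: block return-icmp(N) -> ICMP type 3, code N


@dataclass(frozen=True)
class Reply:
    kind: str                        # "rst" or "icmp"
    icmp_code: Optional[int] = None  # only meaningful when kind == "icmp"


def firewall(policy: Policy, icmp_code: int = 3) -> Optional[Reply]:
    """Reply the scanner receives for a SYN to a blocked port; None means silence."""
    if policy is Policy.DROP:
        return None
    if policy is Policy.RESET:
        return Reply("rst")
    return Reply("icmp", icmp_code)


def classify(reply: Optional[Reply]) -> Tuple[str, float]:
    """Map one reply to an nmap -sS port state and the time that probe cost.

    RST -> "closed" after one RTT; a recognised ICMP unreachable -> "filtered"
    after one RTT; no reply, or an ICMP code nmap does not interpret, is
    modelled as the scanner sitting out the full timeout and then reporting
    "filtered".
    """
    if reply is None:
        return "filtered", PROBE_TIMEOUT
    if reply.kind == "rst":
        return "closed", RTT
    if reply.kind == "icmp" and reply.icmp_code in FILTERED_ICMP_CODES:
        return "filtered", RTT
    return "filtered", PROBE_TIMEOUT


def scan(ports: List[int], policy: Policy, icmp_code: int = 3) -> Tuple[Dict[int, str], float]:
    """Probe each port once, sequentially; return per-port states and total seconds."""
    states: Dict[int, str] = {}
    elapsed = 0.0
    for port in ports:
        state, cost = classify(firewall(policy, icmp_code))
        states[port] = state
        elapsed += cost
    return states, round(elapsed, 6)


if __name__ == "__main__":
    blocked = [21, 139, 445]  # constructed sample of blocked ports
    for policy, code in [(Policy.DROP, 3), (Policy.RESET, 3),
                         (Policy.UNREACH, 3), (Policy.UNREACH, 12)]:
        states, secs = scan(blocked, policy, code)
        print(f"{policy.value:8s} icmp_code={code:<2d} -> {states}  {secs:.2f}s")
```

The design point the simulation makes explicit: only the silent drop (ipfw `deny`, ipf `block` with no return option) leaves the scanner with nothing but a timeout, which is the "lag" the original question was after; `reset` and `unreach` both answer within one RTT and, in doing so, confirm that something is listening in the path.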
