Date: Wed, 20 Aug 2008 19:11:07 +0200
From: Leslie Jensen <leslie@eskk.nu>
To: Jeremy Chadwick <koitsu@FreeBSD.org>
Cc: freebsd-pf@freebsd.org
Subject: Re: port stealth mode?
Message-ID: <48AC502B.8080901@eskk.nu>
In-Reply-To: <20080820143855.GA40160@eos.sc1.parodius.com>
References: <48AC266D.2030902@eskk.nu> <20080820143855.GA40160@eos.sc1.parodius.com>

Jeremy Chadwick wrote:
> On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
>> I've done some testing with Steve Gibson's "Shields up"
>> https://www.grc.com/x/ne.dll?bh0bkyd2
>>
>> These tests list the ports as closed but visible.
>>
>> Instead the site suggests that one uses stealth so that the ports are not
>> visible from the Internet.
>>
>> Is there a way to achieve this with PF?
>
> The "block" directive, along with "set block-policy drop" should suffice
> for accomplishing this in pf.
>

Thank you Jeremy.

I had "return" instead of "drop".

Now when I do the test the ports 0, 1 and 53 are open. I do not have any
rules to allow these ports.

Any suggestions on what might be the reason for this?

/Leslie