From: Dave+Seddon
To: "Boris Karloff"
Cc: freebsd-net@freebsd.org
Date: Thu, 15 Sep 2005 09:47:10 +1000
Subject: Re: stopping response to nmap
Message-ID: <1126741631.68995.TMDA@seddon.ca>
In-Reply-To: <432828dd.261.7370.32443@canada.com>
References: <432828dd.261.7370.32443@canada.com>
Reply-To: das-keyword-net.6770cb@seddon.ca
List-Id: Networking and TCP/IP with FreeBSD

Just configure /etc/rc.conf with one of these options and the firewall should work. These are the options, from /etc/rc.firewall:

############
# Define the firewall type in /etc/rc.conf. Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path required)

So set this:

firewall_enable="YES"
firewall_type="closed"

Regards,
Dave

Boris Karloff writes:
> Hello:
>
> How do I cause FreeBSD 5.4 to not respond to an nmap
> inquiry? I have already tried creating a line in rc.firewall
> that says:
>
> ${fwcmd} deny all from any to any
> ${fwcmd} drop all from any to any
>
> I know these are active, since 1) I see them on the screen
> at startup, and 2) pinging from any computer to any computer
> results in a timeout.
>
> (Both of these should drop all TCP packets; but apparently,
> they cause a RESET message to be sent.)
>
> I've also tried adding the following to sysctl.conf:
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> Again, these don't seem to prevent my FreeBSD from sending a
> packet (probably a RESET or UNREACHABLE-HOST ack).
>
> Once the person sending the nmap to this machine has the IP,
> it's a simple step for them to ip-flood this machine; or
> worse.
>
> How do I make FreeBSD not acknowledge the fingerprint from
> nmap?
>
> Thanks in advance.
>
> Harold.
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
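The rc.conf and sysctl.conf changes discussed in this thread, written up as a small idempotent script. This is an added example and not code from either poster or from the FreeBSD base system; the file-editing helpers (set_kv, get_kv, apply_settings) are plain POSIX sh and only touch the files you name, while harden_host() assumes a FreeBSD box with /etc/rc.d/ipfw and refuses to run anywhere else. The sample rc.conf contents used to exercise it are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from either poster: apply the rc.conf and
# sysctl.conf settings discussed in the thread idempotently, and verify them
# on FreeBSD. The file helpers are plain POSIX sh and touch only the files
# you name; harden_host() is the only function that edits /etc.

# set_kv FILE NAME VALUE: write NAME=VALUE into FILE, replacing an existing
# assignment for NAME or appending one if there is none. VALUE is written
# verbatim, so pass the quotes yourself for rc.conf ('"YES"') and none for
# sysctl.conf (2), whose loader hands the line to sysctl(8) as-is.
set_kv() {
    file=$1 name=$2 value=$3
    [ -f "$file" ] || : > "$file"
    if grep -q "^${name}=" "$file"; then
        # ^NAME= anchors on the whole key, so firewall_type= does not
        # touch firewall_type_xyz=. Temp file + mv keeps it portable
        # (no GNU-only sed -i).
        tmp="${file}.tmp.$$"
        sed "s|^${name}=.*|${name}=${value}|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s=%s\n' "$name" "$value" >> "$file"
    fi
}

# get_kv FILE NAME: print the value of the last NAME= line, quotes stripped.
get_kv() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# apply_settings RCCONF SYSCTLCONF: the two files as the thread describes them.
apply_settings() {
    # rc.conf: have /etc/rc.firewall load the "closed" ruleset (lo0 only).
    set_kv "$1" firewall_enable '"YES"'
    set_kv "$1" firewall_type '"closed"'
    # sysctl.conf: no RST for SYNs to TCP ports with no listener, no ICMP
    # port unreachable for UDP ports with no listener. Ports that do have
    # a listener still answer; silencing those is the firewall's job.
    set_kv "$2" net.inet.tcp.blackhole 2
    set_kv "$2" net.inet.udp.blackhole 1
}

# harden_host: edit the real files, apply now, and show the result. FreeBSD
# only, and run it from the console: "closed" drops your ssh session too.
harden_host() {
    if [ "$(uname -s)" != FreeBSD ]; then
        echo "harden_host: not FreeBSD, refusing to edit /etc" >&2
        return 1
    fi
    apply_settings /etc/rc.conf /etc/sysctl.conf
    sysctl net.inet.tcp.blackhole=2 net.inet.udp.blackhole=1
    /etc/rc.d/ipfw restart
    # Expect the lo0 rules followed by a deny-all rule at the end.
    ipfw list
    sysctl net.inet.tcp.blackhole net.inet.udp.blackhole
}

# Only edits the live system when invoked as: sh hardening.sh apply
if [ "${1:-}" = apply ]; then
    harden_host
fi
```

Two things worth keeping in mind when using it. First, the rc.firewall comment quoted above says what "closed" means: nothing but lo0 traffic passes, so the box stops answering ssh as well as nmap; apply it from the console or from a custom ruleset file (the `filename` option) that also permits your management traffic. Second, the blackhole sysctls only change how the stack treats ports with no listener; a port that is actually open still completes the handshake and shows up in a scan, which is why the firewall ruleset, not the sysctls, is what makes the host go quiet.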