Date:      Wed, 20 Aug 2008 23:55:37 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-pf@freebsd.org
Subject:   Re: #2... sorry typing error Re: port stealth mode?
Message-ID:  <200808202355.37629.max@love2party.net>
In-Reply-To: <48AC515B.7060409@eskk.nu>
References:  <48AC266D.2030902@eskk.nu> <20080820143855.GA40160@eos.sc1.parodius.com> <48AC515B.7060409@eskk.nu>

On Wednesday 20 August 2008 19:16:11 Leslie Jensen wrote:
> Jeremy Chadwick wrote:
> > On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
> >> I've done some testing with Steve Gibson's "Shields up"
> >> https://www.grc.com/x/ne.dll?bh0bkyd2
> >>
> >> These tests list the ports as closed but visible.
> >>
> >> Instead the site suggests that one uses stealth so that the ports are not
> >> visible from the Internet.
> >>
> >> Is there a way to achieve this with PF?
> >
> > The "block" directive, along with "set block-policy drop" should suffice
> > for accomplishing this in pf.
>
> Thank you Jeremy.
>
> I had "return" instead of "drop".
>
> Now when I do the test the ports 0, 1 and 53 are closed, not dropped.

This might be your ISP "helping" ... i.e. they filter your traffic in order to 
protect against stupid Windows worms or enforce a policy ("you must not run a 
DNS server here").  If you can, try tcptracing from outside to see if the RSTs 
really come from your pf box or from an ISP firewall (though that fact might 
be obfuscated, too).

> I do not have any rules to allow these ports.
>
> Any suggestions on what might be the reason for this?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
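
The two block policies discussed in this thread, plus logging so the pf box itself can show whether it dropped the probes; this is an added example, not part of the original messages. The interface name `em0` is an assumption.

```conf
# /etc/pf.conf fragment (added example)
ext_if = "em0"    # assumed name of the external interface

# "return": pf answers blocked TCP with a RST and blocked UDP with an
# ICMP unreachable, so an outside scanner reports the port as closed.
# set block-policy return

# "drop": blocked packets get no answer from this host at all.
set block-policy drop

# Default-deny inbound and log every blocked packet to pflog0.
block in log on $ext_if all
pass out on $ext_if all keep state

# While the outside test runs, watch what pf blocked for the ports
# that still show as closed (0, 1 and 53 in this thread):
#   tcpdump -n -e -ttt -i pflog0 port 53
```

If the probes show up in pflog0 as blocked, pf dropped them silently and any RST seen by the scanner was generated somewhere upstream. If they never show up, they did not reach the pf box and were answered or filtered before it.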


