From owner-freebsd-pf@FreeBSD.ORG Wed Aug 20 21:55:39 2008
Return-Path: 
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D9FBA106567B for ; Wed, 20 Aug 2008 21:55:39 +0000 (UTC) (envelope-from max@love2party.net)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by mx1.freebsd.org (Postfix) with ESMTP id 7187F8FC15 for ; Wed, 20 Aug 2008 21:55:39 +0000 (UTC) (envelope-from max@love2party.net)
Received: from vampire.homelinux.org (dslb-088-066-045-187.pools.arcor-ip.net [88.66.45.187]) by mrelayeu.kundenserver.de (node=mrelayeu5) with ESMTP (Nemesis) id 0ML25U-1KVveU0rpd-0007QH; Wed, 20 Aug 2008 23:55:38 +0200
Received: (qmail 52436 invoked from network); 20 Aug 2008 21:55:37 -0000
Received: from fbsd8.laiers.local (192.168.4.151) by mx.laiers.local with SMTP; 20 Aug 2008 21:55:37 -0000
From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Wed, 20 Aug 2008 23:55:37 +0200
User-Agent: KMail/1.10.0 (FreeBSD/8.0-CURRENT; KDE/4.1.0; i386; ; )
References: <48AC266D.2030902@eskk.nu> <20080820143855.GA40160@eos.sc1.parodius.com> <48AC515B.7060409@eskk.nu>
In-Reply-To: <48AC515B.7060409@eskk.nu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200808202355.37629.max@love2party.net>
X-Provags-ID: V01U2FsdGVkX18j88wu0PeZsln0k2CN2wGeGmkx1qDHPpzMYic ZOcFjiw2C7/rq/Cn6Z0bbMOmNYLTI3QY9553HE+ER4t6qguNMW mVwym/dKmOWD0lk3De+TQ==
Cc: 
Subject: Re: #2... sorry typing error Re: port stealth mode?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter \(pf\)"
List-Unsubscribe: ,
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
X-List-Received-Date: Wed, 20 Aug 2008 21:55:39 -0000

On Wednesday 20 August 2008 19:16:11 Leslie Jensen wrote:
> Jeremy Chadwick wrote:
> > On Wed, Aug 20, 2008 at 04:13:01PM +0200, Leslie Jensen wrote:
> >> I've done some testing with Steve Gibson's "Shields up"
> >> https://www.grc.com/x/ne.dll?bh0bkyd2
> >>
> >> These tests list the ports as closed but visible.
> >>
> >> Instead the site suggests that one uses stealth so that the ports are not
> >> visible from the Internet.
> >>
> >> Is there a way to achieve this with PF?
> >
> > The "block" directive, along with "set block-policy drop" should suffice
> > for accomplishing this in pf.
>
> Thank you Jeremy.
>
> I had "return" instead of "drop".
>
> Now when I do the test the ports 0, 1 and 53 are closed, not dropped.

This might be your ISP "helping" ... i.e. they filter your traffic in order to
protect against stupid Windows worms or enforce a policy ("you must not run a
DNS server here"). If you can, try tcptracing from outside to see if the RSTs
really come from your pf box or from an ISP firewall (though that fact might be
obfuscated, too).

> I do not have any rules to allow these ports.
>
> Any suggestions on what might be the reason for this?

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
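The thread turns on the difference between pf's two block policies: with "return", a blocked TCP SYN is answered with a RST (a scanner reports the port as "closed") and blocked UDP gets an ICMP unreachable, while "drop" discards the packet silently so the probe simply times out. The following pf.conf is an added example illustrating the "set block-policy drop" plus "block" combination Jeremy describes; it is not configuration posted by anyone in the thread. The interface name em0, the choice of protocols passed outbound and the commented-out port 22 rule are assumptions for the example.

```pf
# Added example (not from this thread): a minimal pf.conf that makes
# unsolicited inbound connections silently time out instead of being
# refused with a TCP RST or ICMP unreachable.
#
# Interface name is an assumption for this example; adjust to your NIC.
ext_if = "em0"

# The default policy is "return": blocked TCP SYNs are answered with a RST
# (the port looks "closed" to a remote check) and blocked UDP gets an ICMP
# unreachable. "drop" discards the packet silently, which is what the
# "stealth" result means.
set block-policy drop

# Do not filter loopback traffic at all.
set skip on lo0

# Reassemble fragments before the filter rules see them.
scrub in all

# Default deny inbound. A plain "block" inherits the global policy above;
# an individual "block return" or "block drop" rule overrides it for that
# rule only, so an explicit "block return" somewhere would still send RSTs.
block in all

# Let the host's own outbound traffic through and keep state, so that only
# replies to connections this host initiated are passed back in.
pass out on $ext_if proto { tcp udp icmp } all keep state

# Any service that must stay reachable is opened explicitly; everything
# else remains silently dropped. (Assumed example: SSH on port 22.)
# pass in on $ext_if proto tcp to ($ext_if) port 22 flags S/SA keep state
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and confirm what is actually in effect with `pfctl -s rules` (no stray "block return" rules) and `pfctl -s info`. If a remote check still reports a port as "closed" after this, capture on the external interface with `tcpdump -ni em0` while the check runs: if no RST leaves the pf box, the reply is being generated upstream, which is the ISP filtering Max describes.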