Date: Sun, 5 May 2002 17:49:32 +1000 From: "Michael Phaze" <michael@roq.com> To: <freebsd-stable@freebsd.org> Subject: Re: ipfilter problem Message-ID: <010401c1f409$65fbd350$2701a8c0@MICHAEL2> References: <20020504223450.GA1025@grind.grind.dom>
next in thread | previous in thread | raw e-mail | index | archive | help
I used to use the return-rst rule, but at the end of the day it can cause to many hard to see problems. I used to think it was a good way to hide open ports, but its better just to suck in the packet and not reply because it makes it nmaps go alot slower (if not unscannable) which to me is more worth while then trying to hide services or hide the fact a firewall is there. Just my 2 cents :) ----- Original Message ----- From: "Michael Riexinger" <mailinglists@grindking.de> To: <freebsd-stable@freebsd.org> Sent: Sunday, May 05, 2002 8:34 AM Subject: ipfilter problem > Hi, > > I have FreeBSD-STABLE (4.6-PRERELEASE) From May, 1st and I cannot > communicate with the host news.cis.dfn.de (neither nntp nor http, but > only this host, others work). When I remove this ipf rule it works: > > block return-rst in log quick on isp0 proto tcp from any to any > > But with a prior version of STABLE or 4.5-RELEASE it worked. > > greets, > Michael > > -- > "Testing? What's that? If it compiles, it is good, > if it boots up, it is perfect." -- Linus Torvalds > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?010401c1f409$65fbd350$2701a8c0>