Date:      Wed, 23 Feb 2005 11:49:39 -0500
From:      sn1tch <dot.sn1tch@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   ipfw and nmap
Message-ID:  <a82b971905022308491dfd1706@mail.gmail.com>


I am fairly new to IPFW, and I have a question regarding the stateful part
of it. Now, I may just be misunderstanding this, so set me straight if I
am. From what I understand, when you add a check-state rule and then,
following that, a rule to keep-state: if a packet destined for that
port is new and "setup" was not added to the keep-state rule, then
wouldn't it get denied at the check-state rule, since keep-state did
not add a dynamic rule? My problem is this (and again, this may not
even be correct), but I have a BSD box that is simply providing me SSH
capabilities. Here are the rules for it:

add check-state
add allow all from any to any 22 in via fxp0 keep-state
then the default deny rule.

Now, is there a way to allow setup connections but disallow port
scanners like nmap from seeing it as being open?

Thanks for any help



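As an added illustration (not part of the original post and not ipfw's own code), the following Python models the ipfw matching the poster describes: a check-state rule, an allow rule with keep-state, the optional setup qualifier, and a default deny. It traces constructed packets through the poster's ruleset: a normal SSH handshake, the same handshake without keep-state, a lone ACK to port 22 from a host with no session, and a bare SYN such as a SYN scan sends. Addresses, port numbers and the flow-key layout are assumptions made for the example; real ipfw rules carry numbers, timeouts and many more options.

```python
"""Toy model of ipfw check-state / keep-state / setup matching (TCP only)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset            # TCP flags present, e.g. frozenset({"SYN"})
    iface_in: Optional[str]     # interface the packet arrived on; None = outbound


def is_setup(pkt: Packet) -> bool:
    """ipfw 'setup': a TCP packet with SYN set and ACK clear."""
    return "SYN" in pkt.flags and "ACK" not in pkt.flags


@dataclass
class Rule:
    action: str                     # "allow", "deny" or "check-state"
    dport: Optional[int] = None     # destination port to match (None = any)
    via: Optional[str] = None       # "in via <iface>" (None = any direction)
    setup: bool = False
    keep_state: bool = False


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.dynamic = set()        # flow keys that have a dynamic rule

    @staticmethod
    def _key(pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def _dynamic_match(self, pkt):
        fwd = self._key(pkt)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # reply direction
        return fwd in self.dynamic or rev in self.dynamic

    def process(self, pkt):
        """Return (verdict, reason) for one packet; first matching rule wins."""
        for n, r in enumerate(self.rules, start=1):
            if r.action == "check-state" or r.keep_state:
                # a keep-state rule implicitly performs check-state too
                if self._dynamic_match(pkt):
                    return "allow", "dynamic rule"
                if r.action == "check-state":
                    continue
            if r.dport is not None and pkt.dport != r.dport:
                continue
            if r.via is not None and pkt.iface_in != r.via:
                continue
            if r.setup and not is_setup(pkt):
                continue
            if r.keep_state:
                self.dynamic.add(self._key(pkt))     # install the dynamic rule
            return r.action, f"rule {n}"
        return "deny", "default deny"


# The poster's ruleset, optionally with "setup" added to the keep-state rule.
def posters_ruleset(with_setup=False):
    return Firewall([
        Rule("check-state"),
        Rule("allow", dport=22, via="fxp0", setup=with_setup, keep_state=True),
    ])


# Same allow rule but stateless, to show why keep-state is needed at all.
def no_state_ruleset():
    return Firewall([Rule("allow", dport=22, via="fxp0")])


SYN, SYNACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
CLIENT, HOST, SCANNER = "203.0.113.10", "192.0.2.1", "198.51.100.7"  # constructed


def ssh_handshake(fw):
    """Client SYN in, server SYN/ACK out, client ACK in: the three verdicts."""
    steps = (Packet(CLIENT, 40000, HOST, 22, SYN, "fxp0"),
             Packet(HOST, 22, CLIENT, 40000, SYNACK, None),
             Packet(CLIENT, 40000, HOST, 22, ACK, "fxp0"))
    return [fw.process(p)[0] for p in steps]


def ack_probe(fw):
    """A lone ACK to port 22 with no session behind it (an ACK-scan style probe)."""
    return fw.process(Packet(SCANNER, 55555, HOST, 22, ACK, "fxp0"))[0]


def syn_probe(fw):
    """A bare SYN to port 22, which is exactly what a SYN scan sends."""
    return fw.process(Packet(SCANNER, 55556, HOST, 22, SYN, "fxp0"))[0]
```

Tracing the model answers the poster's first question: without keep-state the server's SYN/ACK falls through to the default deny because the allow rule is "in via fxp0" only; with keep-state the first packet installs a dynamic rule and the reply is accepted at check-state. Adding "setup" stops a stray ACK from matching the allow rule (and from installing a bogus dynamic rule), but a bare SYN is a setup packet, so a rule that allows new SSH connections at all necessarily answers a SYN probe to port 22.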