ipfw and nmap
From: sn1tch (dot.sn1tch_at_gmail.com)
Date: 02/23/05
- Previous message: Jacob S: "Re: Different OS's? Marketshare"
- Next in thread: Matthew Seaman: "Re: ipfw and nmap"
- Reply: Matthew Seaman: "Re: ipfw and nmap"
Date: Wed, 23 Feb 2005 11:49:39 -0500
To: freebsd-questions@freebsd.org
I am fairly new to IPFW, and I have a question regarding the stateful part
of it. Now I may just be misunderstanding this, so set me straight if I
am. From what I understand, when you add a check-state rule and then
follow that with a keep-state rule, if a packet destined for that
port is new and "setup" was not added to the keep-state rule, then
wouldn't it get denied at the check-state rule since keep-state did
not add a dynamic rule? My problem is this, and again this may not
even be correct, but I have a BSD box that is simply providing me SSH
capabilities. Here are the rules for it:

    add check-state
    add allow all from any to any 22 in via fxp0 keep-state

Then the default-to-deny rule.

Now is there a way to allow setup connections but disallow port
scanners like nmap from seeing it as being open?
Thanks for any help
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
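
The rule evaluation the question turns on, as an added example that is not part of the original post and is not ipfw's own code: a simplified Python model of `check-state`, a port-22 `keep-state` rule with or without `setup`, and the default deny. The class and function names and the addresses are constructed for illustration; only TCP is modelled and dynamic-rule expiry is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset      # TCP flags set on the packet, e.g. {"SYN"}
    inbound: bool = True  # True = "in via fxp0"

def flow_key(p):
    # A dynamic rule matches both directions of a flow, so order is ignored.
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

class Firewall:
    """Simplified model: check-state, one keep-state rule for port 22, default deny."""
    def __init__(self, require_setup):
        self.require_setup = require_setup  # True models "... setup keep-state"
        self.states = set()                 # dynamic rules (no expiry modelled)

    def filter(self, p):
        # check-state: a hit applies the parent rule's action (allow); a miss
        # does not deny, the packet simply continues to the next rule.
        if flow_key(p) in self.states:
            return "allow (dynamic)"
        # "setup" matches TCP packets with SYN set and ACK clear.
        is_setup = "SYN" in p.flags and "ACK" not in p.flags
        if p.inbound and p.dport == 22 and (is_setup or not self.require_setup):
            self.states.add(flow_key(p))    # keep-state installs a dynamic rule
            return "allow (new state)"
        return "deny"                       # default-to-deny rule

# Constructed sample traffic (documentation addresses), one source port per probe.
PROBES = {"SYN": {"SYN"}, "ACK": {"ACK"}, "FIN": {"FIN"}, "NULL": set()}

def run_probes(require_setup):
    fw = Firewall(require_setup)
    return {name: fw.filter(Packet("192.0.2.10", 40000 + i, "198.51.100.5", 22,
                                   frozenset(flags)))
            for i, (name, flags) in enumerate(PROBES.items())}

def reply_verdict(require_setup):
    # The server's outbound SYN-ACK is passed by the dynamic rule the SYN created.
    fw = Firewall(require_setup)
    fw.filter(Packet("192.0.2.10", 40000, "198.51.100.5", 22, frozenset({"SYN"})))
    return fw.filter(Packet("198.51.100.5", 22, "192.0.2.10", 40000,
                            frozenset({"SYN", "ACK"}), inbound=False))

if __name__ == "__main__":
    print("as posted :", run_probes(False))
    print("with setup:", run_probes(True))
```

In this model the SYN probe is allowed under both rule sets, so a SYN scan still sees the port as open; adding `setup` only stops non-SYN packets from creating dynamic rules.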