Well...

Basically what your firewall is doing now is "drop" the IP packet.

What you are wanting is to "reject" the connection. This will mean
that your firewall will send an ICMP packet back to let the source
know that there isn't such an IP address or a listening port there...

The problem with this setup is that this will reveal your firewall to
the "portscanner", because it receives an ICMP packet from the
firewall's IP address and NOT the scanned IP address (assuming
that you are scanning an IP address that is behind the firewall...
not the firewall itself).

Hope this answers your question...

Regards,


Brenno

> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday 17 January 2002 4:11
> To:   [EMAIL PROTECTED]
> Subject:      iptables/linux - filtered ports?
> 
> Hey all-
> 
> My apologies if I am rehashing a previous topic, but I didn't find it in
> the archives.
> 
> I recently setup a linux firewall using iptables and then ran an nmap
> against the host.  Nmap reported a few ports, all of them "filtered"
> instead of open.  As I understand it, this means that nmap is not sure
> if the port is open or not, because it is not getting any return
> packets.
> 
> Is there a way to use iptables to "stealth" the port?  In other words,
> can iptables be configured in such a way as to make port scanners think
> that a port (or a host!) does not even exist at the specified ip?
> 
> Would adding a filter against icmp be enough (since nmap pings for hosts
> first... unless told not to)?
> 
> - J
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
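As an added example, not part of Brenno's reply or of J's question: a small Python model of how a SYN scanner interprets the reply to a probe, which is the behaviour the thread is discussing. It assumes nmap's port-state rules (no reply or an ICMP type 3 "unreachable" error gives "filtered", a TCP RST gives "closed", a SYN/ACK gives "open") and uses constructed sample replies standing in for the three iptables targets DROP, REJECT with its default icmp-port-unreachable, and REJECT --reject-with tcp-reset. The addresses 10.0.0.1 (firewall) and 10.0.0.5 (host behind it) and the port numbers are made up.

```python
# Added example: classify a probed port from the reply a SYN scan receives.
# Not code from the mailing-list thread. Sample replies below are constructed.
#
# iptables targets being modelled (real option names):
#   -j DROP                                        -> no reply at all
#   -j REJECT --reject-with icmp-port-unreachable  -> ICMP type 3 / code 3,
#      sent by the firewall itself, so for a forwarded packet the source
#      address is the firewall's, not the scanned host's
#   -j REJECT --reject-with tcp-reset              -> TCP RST carrying the
#      scanned host's address, indistinguishable from "nothing listening"

from dataclasses import dataclass

FIREWALL_IP = "10.0.0.1"   # constructed
TARGET_IP = "10.0.0.5"     # constructed: host behind the firewall

# ICMP type-3 codes that nmap maps to "filtered" (net/host/proto/port
# unreachable and the administratively-prohibited variants)
FILTERED_UNREACH_CODES = {1, 2, 3, 9, 10, 13}


@dataclass
class Reply:
    kind: str            # "none", "tcp" or "icmp"
    src_ip: str = ""     # source address of the reply packet
    flags: str = ""      # TCP flags, e.g. "SA" (SYN/ACK) or "RA" (RST/ACK)
    icmp_type: int = -1
    icmp_code: int = -1


def classify(reply, target_ip):
    """Return (state, note) for one probed port, following SYN-scan rules."""
    if reply.kind == "none":
        return "filtered", "no reply (DROP, or the packet was lost)"
    if reply.kind == "tcp":
        if "S" in reply.flags and "A" in reply.flags:
            return "open", "SYN/ACK from %s" % reply.src_ip
        if "R" in reply.flags:
            return "closed", "RST from %s" % reply.src_ip
    if (reply.kind == "icmp" and reply.icmp_type == 3
            and reply.icmp_code in FILTERED_UNREACH_CODES):
        note = "ICMP unreachable code %d from %s" % (reply.icmp_code, reply.src_ip)
        if reply.src_ip != target_ip:
            # This is the leak Brenno describes: the error comes from a
            # different address than the one that was probed.
            note += " (not %s: a filtering device revealed itself)" % target_ip
        return "filtered", note
    return "unknown", "unexpected reply"


# Constructed replies for the same probed port under each iptables target.
SAMPLE_REPLIES = {
    "DROP": Reply(kind="none"),
    "REJECT icmp-port-unreachable": Reply(kind="icmp", src_ip=FIREWALL_IP,
                                          icmp_type=3, icmp_code=3),
    "REJECT tcp-reset": Reply(kind="tcp", src_ip=TARGET_IP, flags="RA"),
    "no rule, service listening": Reply(kind="tcp", src_ip=TARGET_IP, flags="SA"),
}


def compare_targets(target_ip=TARGET_IP):
    """Map each iptables target to the state a scanner would report."""
    return {name: classify(reply, target_ip) for name, reply in SAMPLE_REPLIES.items()}


def reveals_firewall(reply, target_ip):
    """True when the reply's source address differs from the probed address."""
    return reply.kind != "none" and reply.src_ip != target_ip


if __name__ == "__main__":
    for name, (state, note) in compare_targets().items():
        print("%-32s %-9s %s" % (name, state, note))
```

Running the block prints one line per target; DROP and ICMP-style REJECT both come out "filtered", but only the ICMP reply carries the firewall's address, while tcp-reset comes out "closed" with the target's own address as source, so it gives away no extra information.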