Hi,

I can't get Passive OS Fingerprinting to work on FreeBSD 6.0.
I've used PF's passive os fingerprinting under OpenBSD before without any problems, so I was wondering if there is something special to do on FreeBSD.

I have inserted a line 'block in quick proto tcp from any os "Windows" to any port smtp' but it does not work. I can still connect from Windows hosts. I've tried the same with Linux, no help here.
When I instead block specific IPs, it works as expected.

This is my pf.conf:

#### BEGIN PF.CONF ####

# Macros: define common values, so they can be referenced and changed easily.
ext_if="em0"  # replace with actual external interface name i.e., dc0

ServicesTCP="{ssh, www, 443, domain, smtp, pop3, imap, 993, 995,5000,svn}"
ServicesUDP="{domain, 1194, smtp}"
internal_net="80.237.242.112/29"

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all no-df

block in quick proto tcp from any os "Windows" to any port smtp
block in log all

pass quick on lo0
pass quick on tap0
pass out on $ext_if all keep state
pass in on $ext_if from $internal_net to $ext_if keep state

# make it harder for nmap to scan us
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP block in log quick on $ext_if inet proto tcp from any to any flags SF/ SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

# accept ping
pass in quick on $ext_if inet proto icmp all icmp-type 8 code 0 keep state

pass  in  on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in on $ext_if proto tcp from any to $ext_if port $ServicesTCP flags S/SA keep state pass in on $ext_if proto udp from any to $ext_if port $ServicesUDP keep state

#### END PF.CONF ####

Am I doing something wrong?

Thanks,
Angelo
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to