Hi, I can't get Passive OS Fingerprinting to work on FreeBSD 6.0. I've used PF's passive OS fingerprinting under OpenBSD before without any problems, so I was wondering if there is something special to do on FreeBSD.
I have inserted a line 'block in quick proto tcp from any os "Windows" to any port smtp' but it does not work. I can still connect from Windows hosts. I've tried the same with Linux, no help here.
When I instead block specific IPs, it works as expected. This is my pf.conf:

#### BEGIN PF.CONF ####
# Macros: define common values, so they can be referenced and changed easily.
ext_if="em0" # replace with actual external interface name i.e., dc0
ServicesTCP="{ssh, www, 443, domain, smtp, pop3, imap, 993, 995,5000,svn}"
ServicesUDP="{domain, 1194, smtp}"
internal_net="80.237.242.112/29"

# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
scrub in all no-df

block in quick proto tcp from any os "Windows" to any port smtp
block in log all
pass quick on lo0
pass quick on tap0
pass out on $ext_if all keep state
pass in on $ext_if from $internal_net to $ext_if keep state

# make it harder for nmap to scan us
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

# accept ping
pass in quick on $ext_if inet proto icmp all icmp-type 8 code 0 keep state

pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in on $ext_if proto tcp from any to $ext_if port $ServicesTCP flags S/SA keep state
pass in on $ext_if proto udp from any to $ext_if port $ServicesUDP keep state
#### END PF.CONF ####

Am I doing something wrong?

Thanks,
Angelo
