On Tue, 6 Oct 2009 17:23:09 +0200 "Helmut Schneider" <[email protected]> wrote:
> From: "Nico De Dobbeleer" <[email protected]>
>
> > I just finished installing FreeBSD 7.x with pf in transparent
> > bridging mode as the servers behind the firewall need to have a
> > public IP address. Now everything is working fine and the FW is
> > doing its job as it should be. When I nmap the FW I see the open
> > ports and closed ports. Is there a way to get the FW running in
> > stealth mode so that it isn't possible anymore with nmap or any other
> > scanning tool to see the open or closed ports?
>
> There is no "stealth". If a service responds to a request the port is
> "open". If not it's closed.
>
> Helmut

There is: just use "block drop" in your pf config or "set block-policy drop"
(see man 5 pf.conf). This effectively stops sending TCP RST or UDP unreach
packets.
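An added example, not part of the original messages: a pf.conf fragment for a two-interface filtering bridge that puts the "return" policy beside the "drop" policy mentioned in the reply. The interface names, server addresses and ports are assumptions chosen for illustration.

```pf
# --- Macros (all values below are assumed, not from the thread) ---
ext_if  = "em0"                         # bridge member facing the Internet
int_if  = "em1"                         # bridge member facing the servers
servers = "{ 192.0.2.10, 192.0.2.11 }"  # documentation-range addresses
web     = "{ 80, 443 }"

# --- Options ---
# "return" makes pf answer blocked packets: TCP RST for TCP,
# ICMP unreachable for UDP and other protocols. A scanner sees
# an immediate, explicit refusal.
#set block-policy return

# "drop" discards blocked packets silently; nothing is sent back.
# This is also pf's default when no block-policy is set.
set block-policy drop

# --- Filter rules ---
# Filter on one bridge member only, so each packet is evaluated once.
pass on $int_if all

# Default deny on the outside member. A bare "block" follows the
# block-policy option above.
block in on $ext_if all

# The action can also be spelled out per rule, overriding the option:
#block return in on $ext_if all   # answer with RST / ICMP unreachable
#block drop   in on $ext_if all   # silent discard

# Only the published services reach the servers behind the bridge.
pass in on $ext_if proto tcp from any to $servers port $web

# Replies and server-initiated traffic leaving towards the Internet.
pass out on $ext_if all
```

With the drop policy, blocked ports stop answering and a scanner such as nmap reports them as filtered instead of closed; ports that are passed through to a listening service still answer and still show as open.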
