On Thu, Feb 28, 2002 at 07:34:54AM -0500, Justin Piszcz wrote:
> Yes I understand that.
> I am using DROP.
> Why does it show filtered?
> As a drop policy on ipchains/ipfwadm, from what I've been told, is it drops the
> packet, does not reply back, and therefore should NOT show a filtered port.
If a port is closed, not filtered, ICMP message "destination port
unreachable" is sent. When the port is filtered nothing is sent. I think
this is how nmap checks this.
Try with REJECT (with icmp-port-unreachable if it is not default) instead of DROP.
Greets,
Jacek
