On Fri, Mar 28, 2003 at 01:14:41AM -0500, [EMAIL PROTECTED] wrote:
> Is pf a true 'silent' firewall, not touching the ttl of a packet and thereby
> not giving out that the packet has gone through an extra layer to get to the
> destination? If it isn't, is there a way to enable such a feature, if it's
> yet implemented?
You can also use 'block ... return-rst ttl <number> ...' syntax to explicitly specify the TTL used in the generated RST packets (read pf.conf(5), search for ttl). pf also drops packets with invalid checksums by default (post 3.2), thus preventing another avenue of detection. However, there probably are (or will be) other ways to detect the presence of a 'stealth' firewall, so don't just depend on it. Can
