I have recently found out that my current pf ruleset I am using while
conducting penetration testing interferes with nmap scans and a few other
things. Has anyone got a proven ruleset that has not
gotten in the way of there nmap scans and such.
Here is my /etc/pf.conf
set block-policy drop
set require-order yes
# Clean up fragmented and abnormal packets
scrub in all
scrub out all no-df max-mss 1492 random-id
# We block everything by default
block log all
# allow localhost traffic
pass quick on lo0 from lo0 to lo0
# Stateful Firewall
pass out quick proto { tcp,udp,icmp } all keep state
TIA
--
Ron Rosson
The InSaNe One
[EMAIL PROTECTED]
