Hello all, I hope everyone is well. I'm looking at the various rules required to block an nmap scan from other hosts to show my ports being open. I applied the following rules but I am still able to scan using the latest version of nmap on Red Hat 9.

block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

One other thing I would like to ask is ... when an nmap report is conducted on some internal firewalled machines I receive a state of "filtered" on them. What does this mean exactly and how can one apply it to one's config?

Thanks
Ziad
