shutdown :-)
Check the nmap documentation, then the pf.conf manual page. You need to understand why what you are asking for isn't possible.

Also all the syntax is covered by "man pf.conf".

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                    Tel. 07855 805 271
http://www.devitto.com          mailto:[EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Afra, Ziad (London)
Sent: Wednesday, December 17, 2003 12:32 PM
To: [EMAIL PROTECTED]
Subject: RE: blocking nmap scans

So what's the syntax to block TCP connect() and SYN?

Thanks
Z

-----Original Message-----
From: Tiago Pierezan Camargo [mailto:[EMAIL PROTECTED]
Sent: 17 December 2003 09:47
To: [EMAIL PROTECTED]
Subject: Re: blocking nmap scans

> block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
> block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
> block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

Those rules only block FIN, Xmas and NULL scans. TCP connect() and SYN scans work as usual.

-- 
Tiago Pierezan Camargo <elessar at matrix.com.br>

(o_.'    The boozy penguin says:
//\c{}   "VI VI VI The editor of the beast."
V__)_
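Added example, not part of the thread and not code from pf or nmap: a small Python model of pf's `flags a/b` test, run against the three flag expressions quoted above, showing that the opening packet of a SYN or connect() scan carries the same flags as a legitimate client connection. The probe table and the function names are constructed for illustration.

```python
# Added example: models pf's "flags a/b" test as (packet_flags & b) == a,
# i.e. of the flags listed in b, exactly those listed in a must be set.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}


def mask(letters):
    """Turn pf flag letters such as 'SFRA' into a TCP flag bitmask."""
    value = 0
    for letter in letters:
        value |= FLAG_BITS[letter]
    return value


def pf_flags_match(expr, packet_letters):
    """True if a packet with these TCP flags satisfies pf's 'flags a/b'."""
    want, _, check = expr.partition("/")
    return (mask(packet_letters) & mask(check)) == mask(want)


# The three flag expressions from the rules quoted in the thread.
RULES = ["FUP/FUP", "SF/SFRA", "/SFRA"]

# Constructed sample: TCP flags on the first packet of each kind of traffic.
PROBES = {
    "Xmas scan": "FPU",
    "NULL scan": "",
    "SYN+FIN packet": "SF",
    "FIN scan": "F",
    "SYN scan": "S",
    "connect() scan": "S",
    "legitimate client connection": "S",
}


def blocked_by(packet_letters):
    """Return the quoted flag expressions that match this packet."""
    return [rule for rule in RULES if pf_flags_match(rule, packet_letters)]


def report():
    """Map each sample traffic type to the expressions that match it."""
    return {name: blocked_by(flags) for name, flags in PROBES.items()}


if __name__ == "__main__":
    for name, rules in report().items():
        print(f"{name:30} {', '.join(rules) or 'no match'}")
```

Any flag expression that matched the lone SYN of a scan would match every new inbound connection as well, so flag filtering cannot separate the two.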
