Date:      Thu, 15 Sep 2005 09:47:10 +1000
From:      Dave+Seddon <dave-sender-1932b5@seddon.ca>
To:        "Boris Karloff" <modelt20@canada.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: stopping response to nmap
Message-ID:  <1126741631.68995.TMDA@seddon.ca>
In-Reply-To: <432828dd.261.7370.32443@canada.com>
References:  <432828dd.261.7370.32443@canada.com>

Just configure /etc/rc.conf with one of these options and the firewall 
should work. 

These are the options, from /etc/rc.firewall:
############
# Define the firewall type in /etc/rc.conf.  Valid values are:
#   open     - will allow anyone in
#   client   - will try to protect just this machine
#   simple   - will try to protect a whole network
#   closed   - totally disables IP services except via lo0 interface
#   UNKNOWN  - disables the loading of firewall rules.
#   filename - will load the rules in the given filename (full path required)

So set this: 

firewall_enable="YES"
firewall_type="closed" 

Regards,
Dave 

 

Boris Karloff writes: 

> Hello: 
> 
> How do I cause FreeBSD 5.4 to not respond to an nmap
> inquiry? I have already tried creating a line in rc.firewall
> that says:  
> 
> ${fwcmd} deny all from any to any
> ${fwcmd} drop all from any to any 
> 
> I know these are active, since 1) I see them on the screen
> at startup, and 2) pinging from any computer to any computer
> results in a timeout. 
> 
> (both of these should drop all TCP packets; but apparently,
> they cause a RESET message to be sent.) 
> 
> I've also tried adding the following to sysctl.conf: 
> 
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1 
> 
> Again, these don't seem to prevent my FreeBSD from sending a
> packet (probably a RESET or UNREACHABLE-HOST ack). 
> 
> Once the person sending the nmap to this machine has the IP,
> it's a simple step for them to ip-flood this machine; or
> worse.  
> 
> How do I make FreeBSD not acknowledge the fingerprint from
> nmap? 
> 
> Thanks in advance. 
> 
> Harold. 
> 
> 
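An added example, not part of Dave's reply or of the FreeBSD rc scripts: a POSIX shell audit that reads an rc.conf-style file and reports whether firewall_enable and firewall_type are set the way Dave recommends, and whether the two blackhole sysctls from the question are present in a sysctl.conf-style file. The sample files are constructed inline so it runs anywhere; the function names are this example's own, and on a real host you would pass /etc/rc.conf and /etc/sysctl.conf instead.

```shell
#!/bin/sh
# Added example, not part of the original thread: audit the rc.conf and
# sysctl.conf settings discussed above. The sample files are constructed
# here so the script runs anywhere; on a FreeBSD host pass /etc/rc.conf
# and /etc/sysctl.conf instead.

# Print the value of the last KEY="value" assignment for name $2 in file $1,
# skipping commented-out lines (the last assignment wins when sh sources rc.conf).
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Return 0 when the firewall is enabled with a firewall_type that loads rules.
# The accepted values are the ones listed in /etc/rc.firewall; an unset
# firewall_type falls back to FreeBSD's default of UNKNOWN, which loads nothing.
check_firewall_rc() {
    fw_enable=$(rc_value "$1" firewall_enable)
    fw_type=$(rc_value "$1" firewall_type)
    case "$fw_enable" in
        [Yy][Ee][Ss]) ;;
        *) echo "FAIL: firewall_enable='${fw_enable:-unset}', expected YES"; return 1 ;;
    esac
    case "$fw_type" in
        client|simple|closed) echo "OK: firewall_enable=YES firewall_type=$fw_type"; return 0 ;;
        open)       echo "FAIL: firewall_type=open admits all traffic"; return 1 ;;
        UNKNOWN|"") echo "FAIL: firewall_type='${fw_type:-unset}' loads no rules"; return 1 ;;
        /*)         [ -r "$fw_type" ] && { echo "OK: custom rule file $fw_type"; return 0; }
                    echo "FAIL: rule file $fw_type is not readable"; return 1 ;;
        *)          echo "FAIL: unrecognised firewall_type='$fw_type'"; return 1 ;;
    esac
}

# Return 0 when both blackhole sysctls carry the values given in the question.
# These only silence ports with no listener; services that are listening still
# answer, which is why the firewall rule set is the primary control.
check_blackhole() {
    tcp=$(rc_value "$1" net.inet.tcp.blackhole)
    udp=$(rc_value "$1" net.inet.udp.blackhole)
    [ "$tcp" = "2" ] && [ "$udp" = "1" ] && { echo "OK: blackhole tcp=$tcp udp=$udp"; return 0; }
    echo "FAIL: blackhole tcp='${tcp:-unset}' udp='${udp:-unset}', expected 2 and 1"
    return 1
}

# Constructed sample files (not real host configuration).
RC_GOOD=$(mktemp); RC_BAD=$(mktemp); SYSCTL_SAMPLE=$(mktemp)
trap 'rm -f "$RC_GOOD" "$RC_BAD" "$SYSCTL_SAMPLE"' EXIT
cat > "$RC_GOOD" <<'EOF'
# constructed sample: the settings Dave suggests
hostname="host.example.org"
firewall_enable="YES"
firewall_type="closed" 
EOF
cat > "$RC_BAD" <<'EOF'
# constructed sample: the enable line is commented out, so no rules load
# firewall_enable="YES"
firewall_type="open"
EOF
cat > "$SYSCTL_SAMPLE" <<'EOF'
# constructed sample sysctl.conf with the values from the question
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
EOF

# Stand-alone run: report on each sample; a FAIL does not abort the script.
for f in "$RC_GOOD" "$RC_BAD"; do check_firewall_rc "$f" || true; done
check_blackhole "$SYSCTL_SAMPLE" || true
```

The audit deliberately treats a commented-out `firewall_enable` as unset, since that is how sh sees it when rc.conf is sourced. One caveat worth keeping in mind when reading the question: in ipfw, `deny` and `drop` are synonyms that discard the packet silently; the action that sends a TCP RST is `reset`, so a RST observed after these rules points at a packet that was not matched by them rather than at the rules themselves.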