freebsd-pf Digest, Vol 266, Issue 4

Tom Uffner tom at uffner.com
Sat Oct 31 21:52:17 UTC 2009


Nico De Dobbeleer wrote:

> # this should block OS fingerprints?? 
> block in log quick proto tcp flags FUP/WEUAPRSF 
> block in log quick proto tcp flags WEUAPRSF/WEUAPRSF 
> block in log quick proto tcp flags SRAFU/WEUAPRSF 
> block in log quick proto tcp flags /WEUAPRSF 
> block in log quick proto tcp flags SR/SR 
> block in log quick proto tcp flags SF/SF 
> 
> # thwart nmap scans 
> block in log quick on { $ext_if, $int_if, $mng_if } proto tcp all flags SEFUP/SEFUP 
> block out log quick on { $ext_if, $int_if, $mng_if } proto tcp all flags SEFUP/SEFUP 
> 
> Any ideas?

yeah. replace all of the strange flag combinations with a simple
"block log all" rule.

get basic firewall functionality working first, then add the fancy
stuff back one rule at a time & test to see what breaks.

and when adding the above rules, think about whether you really
want "quick". I'm amazed that any TCP gets through that ruleset
in either direction.
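An added example, not from the thread: a small Python model of pf's `flags set/mask` TCP flag test, run over the quoted flag specs and a few constructed packets, so you can see what those rules catch before deciding whether "quick" belongs on them. It models only the flag comparison (no direction, interface, or state handling); the packet names and samples are constructed for illustration.

```python
# Added example (not from the list thread): model pf's "flags <set>/<mask>"
# TCP flag matching and apply it to the quoted rules. A packet matches a spec
# when, looking only at the bits in <mask>, exactly the bits in <set> are on.

FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def flags_to_bits(letters):
    """Convert a pf flag letter string such as 'SA' into a TCP flag bitmask."""
    bits = 0
    for ch in letters:
        bits |= FLAG_BITS[ch]
    return bits

def parse_flags_spec(spec):
    """Parse 'set/mask'; an empty set ('/WEUAPRSF') means no flags set at all."""
    set_part, mask_part = spec.split("/")
    return flags_to_bits(set_part), flags_to_bits(mask_part)

def flags_match(spec, packet_flags):
    want, mask = parse_flags_spec(spec)
    return (packet_flags & mask) == want

# Flag specs copied from the quoted ruleset (all of them "block ... quick").
QUOTED_SPECS = ["FUP/WEUAPRSF", "WEUAPRSF/WEUAPRSF", "SRAFU/WEUAPRSF",
                "/WEUAPRSF", "SR/SR", "SF/SF", "SEFUP/SEFUP"]

# Constructed samples: a normal handshake and data exchange, plus malformed
# flag combinations that never occur in a legitimate TCP session.
SAMPLE_PACKETS = {
    "syn": "S", "syn-ack": "SA", "ack": "A", "psh-ack": "PA", "fin-ack": "FA",
    "null": "", "xmas": "FPU", "syn-fin": "SF", "syn-rst": "SR",
}

def blocked_by(spec_list, packet_letters):
    """Return the specs that would match (and, being quick rules, block) this packet."""
    bits = flags_to_bits(packet_letters)
    return [s for s in spec_list if flags_match(s, bits)]

def evaluate_ruleset(spec_list=QUOTED_SPECS, packets=SAMPLE_PACKETS):
    """Map each sample packet name to the list of quoted specs it hits."""
    return {name: blocked_by(spec_list, letters) for name, letters in packets.items()}

if __name__ == "__main__":
    for name, hits in evaluate_ruleset().items():
        print(f"{name:8s} -> {'blocked by ' + ', '.join(hits) if hits else 'not matched'}")
```

The model shows the normal handshake packets (S, SA, A, PA, FA) match none of the quoted specs, while null, xmas, SYN/FIN and SYN/RST probes each hit one; whether the live ruleset behaves the same still has to be confirmed with `pfctl` and real traffic, as the reply recommends.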
