Afra, Ziad (London)
2003-12-17 09:26:09 UTC
Hello all
I hope everyone is well. I`m looking at the various rules required to block
an nmap scan from other hosts to show my ports being open. I applied the
following rule but I am still able to scan using the latest version of nmap
on redhat9.
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA
One other thing I would like to ask is ... when an nmap report is conducted
on some internal firewalled machines I receive a state of "filtered" on
them. What does this mean exactly and how can one apply it to one`s config?
Thanks
Ziad
I hope everyone is well. I`m looking at the various rules required to block
an nmap scan from other hosts to show my ports being open. I applied the
following rule but I am still able to scan using the latest version of nmap
on redhat9.
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA
One other thing I would like to ask is ... when an nmap report is conducted
on some internal firewalled machines I receive a state of "filtered" on
them. What does this mean exactly and how can one apply it to one`s config?
Thanks
Ziad