TCP 3-way handshake: how to block the kernel from sending the RST flag?

When a port is closed, the kernel sends an RST to the client, which prevents me from sending my SYN/ACK packet back. Is there any way to disable/block it? I am a bit clueless about how to do it in pf, while net.inet.tcp.blackhole blocks all outgoing packets (also mine).

This works fine on Linux: `iptables -A OUTPUT -p tcp --source-port xxx --tcp-flags RST RST -j DROP`, but I am unable to do it on FreeBSD :(
 
When a port is closed, the kernel sends an RST to the client, which prevents me from sending my SYN/ACK packet back.
Why do you want to send a SYN/ACK in response to a SYN to a closed port? Only an open port should respond with a SYN/ACK.
 
Exactly. Instead of trying to ban port scanners, I will serve them what they are searching for: open ports, all service ports. I already have a working solution for my dev system (Linux); it is just this detail that is stopping me from deploying it on FreeBSD, which is my main target.

I could be doing it some other way, but using raw sockets is much faster and less resource intensive.
 
Ok, this is becoming frustrating:

```
set block-policy drop
block out quick on re0 proto tcp from any port xxxx to any flags R/R
```

Nothing works =/
 
The whole point of a forum is so others can learn from mistakes.
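A ruleset that pins down the state-tracking detail (an added example, not from any poster in this thread; the interface name re0 and the port list in $fake_ports are assumptions):

```pf
# Added example, not from the thread. Assumptions: external interface re0,
# and the raw-socket responder handles SYNs on the ports in $fake_ports
# (illustrative values; substitute the real list).
ext_if     = "re0"
fake_ports = "{ 21, 23, 110, 143 }"

# Blocked packets are silently discarded. With "return", pf would itself
# answer blocked SYNs with an RST, which defeats the purpose.
set block-policy drop

# Accept the scanner's SYN (and the rest of its fake conversation) without
# creating state. If this rule kept state, the kernel's outgoing RST would
# match that state entry and be passed before any "block out" rule is
# consulted, which is why a lone "block out ... flags R/R" can appear to do
# nothing.
pass in quick on $ext_if proto tcp from any to any port $fake_ports no state

# Drop every RST the stack generates from those ports, not only the one that
# answers the initial SYN: the ACK the scanner sends back after the raw
# SYN/ACK also hits a closed port and would trigger another RST.
block out quick on $ext_if proto tcp from any port $fake_ports to any flags R/R

# Let the raw-socket replies out, again without state, so a state entry
# created by our own SYN/ACK cannot later carry the kernel's RST past the
# block rule above.
pass out quick on $ext_if proto tcp from any port $fake_ports to any no state

# Everything else follows the normal policy.
pass out on $ext_if keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. After scanning the host from another machine, `pfctl -vsr` shows per-rule packet counters; the block rule's counter should increase, and `tcpdump -ni re0 'tcp[tcpflags] & tcp-rst != 0'` on the FreeBSD box should show no RSTs leaving from those ports.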
 