tcp 3-way handshake, how to block kernel sending RST flag?

[irukandji]

When port is closed, kernel sends RST flag to the client, which prevents me from seding my syn-ack packet back. Is there any way to disable/block it, I am a bit clueless about how to do it in pf while net.inet.tcp.blackhole blocks all outgoing packets (also mine).

This works fine on linux: `iptables -A OUTPUT -p tcp --source-port xxx --tcp-flags RST RST -j DROP ` but I am unable to do it on freebsd

 

[SirDice]

When port is closed, kernel sends RST flag to the client, which prevents me from seding my syn-ack packet back.

Why do you want to send a SYN/ACK in response to a SYN to a closed port? Only an open port should respond with a SYN/ACK.

 

[irukandji]

Exactly. Instead of trying to ban port scanners, I will serve them what they search for. Open ports - all service ports. I already have a working solution for my dev. system - linux, it is just this detail that is stopping it deploy it for freebsd that is my main target.

I could be doing it some other way, but using raw sockets is much faster and less resource intensive.

 

[irukandji]

Ok, this is becoming frustrating:
set block-policy drop
block out quick on re0 proto tcp from any port xxxx to any flags R/R

Nothing works =/

 

[irukandji]

Omg, what a stupid bug... I am sorry for nagging, you can delete this thread, my mistake

 

[SirDice]

The whole point of a forum is so others can learn from mistakes.

 

[irukandji]

The whole point of a forum is so others can learn from mistakes.

This was my bug in my code. But never mind, for the others "set block-policy drop" works.