Hi Stuart, I have 'block log all' as a rule and yes, I have several ports that are open. I was told to take precautions against port scanning. I'm trying to achieve that too. :/
On Sat, Oct 9, 2021 at 4:13 PM Stuart Henderson <stu.li...@spacehopper.org> wrote:
> On 2021-10-07, Barbaros Bilek <barbarosb...@gmail.com> wrote:
> > Hello misc,
> >
> > I try to block port scanning attempts with OpenBSD 6.9/amd64 + PF.
> > At the top of my pf.conf I've added these lines but it didn't work.
> >
> > block in quick proto tcp all flags SF/SFRA label bps1
> > block in quick proto tcp all flags FPU/SFRAUP label bps3
> > block in quick proto tcp all flags /SFRA label bps4
> > block in quick proto tcp all flags F/SFRA label bps5
> > block in quick proto tcp all flags U/SFRAU label bps6
>
> Why not just "block in quick proto tcp all"?
>
> Or are you trying to keep some ports open? If you do that, then the
> host can be scanned by some method or other, if you allow connections
> then there's no passive method to block, instead you need to detect
> the scan and block the origin (and that can be worked around too,
> by scanning from multiple source addresses, but it's harder).
>
> --
> Please keep replies on the mailing list.
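The "detect the scan and block the origin" approach Stuart describes can be expressed with pf's own state-tracking options rather than the flag-matching rules from the original post. The following pf.conf is an added example, not configuration from either participant in the thread; the interface name `em0`, the service ports, the table name `<scanners>` and the rate threshold are assumptions chosen for illustration.

```pf
# Added example (not from the thread): rate-based scan detection in pf.conf.
# "em0", the port list, the <scanners> table name and the 15/5 rate are
# assumptions for the example.
ext_if = "em0"
tcp_services = "{ 22 80 443 }"

# Source addresses that trip the rate limit are added here by pf itself.
# "persist" keeps the table (and its contents) across rule reloads.
table <scanners> persist

set skip on lo

# Default deny, logged, so probes of closed ports still show up in pflog.
block log all

# Anything already in <scanners> is dropped before the pass rules below.
block in quick on $ext_if from <scanners> label scanners

# Allow the services, but track new connections per source address.
# More than 15 new connections from one source within 5 seconds (a
# scanner walking several open ports is the typical case) adds that
# address to <scanners>; "flush global" also tears down every state
# that source already has, not only the ones created by this rule.
pass in on $ext_if proto tcp to ($ext_if) port $tcp_services \
    flags S/SA keep state \
    (max-src-conn-rate 15/5, overload <scanners> flush global)

pass out on $ext_if keep state
```

Load it with `pfctl -f /etc/pf.conf`, inspect the blocked sources with `pfctl -t scanners -T show`, and age out old entries (for example from cron) with `pfctl -t scanners -T expire 86400`. Two caveats a practitioner should keep in mind: max-src-conn-rate is evaluated when the three-way handshake completes, so a half-open SYN scan that never sends the final ACK does not count against the rate and only a connect-style scan trips it; and probes of closed ports never create state, so they are visible only through the `block log` entries in pflog, not through this table. Neither limitation changes Stuart's underlying point: as long as some ports are open, the host can be scanned, and a scanner spread over many source addresses stays under any per-source threshold.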