Hello everybody,

OpenBSD's PF is able to block packets by the passive OS fingerprint. For example, you can block packets from nmap.

I've a little problem with that: how to block a host if it does/did an nmap scan?! I can block the nmap scan but not automatically the host, because the overload rule does not know about blocking by OS. I'm sorry for my English, so I'll provide a little example:

That's what you can do now:

    block drop in log quick on $ext_if os NMAP

And that's what I'm looking for (a little combination of overload and the normal blocking rule):

    block drop in log quick on $ext_if os NMAP overload <nmapscanners> flush

You can block the nmap scan but no further activities, as far as I know. So does somebody know a "workaround" to do what I'm looking for (with PF of course)?

Kind regards,
Sebastian