p's historic behavior (admin
prohib ==> filtered), then turning off icmp_may_rst works. With
icmp_may_rst turned on and the patch commited, you get the other
behavior (admin prohib ==> closed). Without the patch, nmap spews
errors and would need a FreeBSD-specific change.
regards,
--Scott
While I'm at it, I'll be bold and request that if this change is
acceptable, it be MFC'd for 4.4-RELEASE (I think this is a low-risk,
high-payoff change, but opinions may vary). (I do like the icmp_may_rst
behavior in general, of course.)
I've attached a copy of the
