Getting stealth with PF firewall? - PC-BSD Forums

damatta · #1 04-12-2007, 12:56 AM

Hiya,
as you might have noticed, I come from windows world.
I know not how to make my PC stealth, as i checked in grc.com and the report was:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.
Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)
Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.

Does PF works a little like the average windows "firewalls" around? that is, filtering unsolicited traffic, adjusting open connections speed (to increase network performance), detecting typical network attacks such as: flood, scans, arp attacks, etc.
By the way, can I make snort do all that easily?

Thanks in advance

dracheflieger · #2 04-12-2007, 03:15 AM

Look at your /etc/pf.inports file...those ports listed are the ones that are open. comment out or add to, then reboot or as root in a c/konsole, issue the command

Code:

/usr/local/etc/rc.d/pf_rules restart

I think it is ALTQ that allows network limiting as far as speed. and despite what something like shields up will suggest, this is one of the most secure OSes on the planet.

antik · #3 04-12-2007, 07:08 AM

Originally Posted by damatta

Thanks in advance

http://www.openbsd.org/faq/pf/

damatta · #4 04-22-2007, 02:34 AM

What is in pf.conf will overwrite my custom rules? I made some rules to block all ICMP and [SYN] requests to all ports, except those of emule and bittorrent.
Messenger spam, unrequested 'pings', port scans are hiting me very often! even when I'm idling...
I know not what went wrong.
By the way: Does the default config in PF foils OS detection, common DOS, and other attacks?
because I couldnt test it properly from the loopback interface, yet.

dracheflieger · #5 04-22-2007, 03:49 AM

KMenu -> Settings -> System Administration -> PC-BSD Services -> root password and Disable Startup PF Generator.

antik · #6 04-22-2007, 09:40 AM

Originally Posted by damatta

What is in pf.conf will overwrite my custom rules?

Edit /usr/local/etc/rc.d/pf_rules file instead. It will regenerate your /etc/pf.conf next boot. In case you may want to add additional ports then add them into /etc/pf.inports. No need to edit your pf.conf anymore.