I agree nmap will show filtered if there is an access-list or firewall in front of the machine. However, I interpreted the email to mean you are firewalling a single machine on that machine itself? If so, I believe nmap will only know that that machine is listening on port 80. Nmap simply does a three-way handshake, then nmap itself sends a reset. Therefore, if an nmap scan is run against a machine where the firewall is on that same machine, I believe nmap will say port 80 is open. I know that with a proxying firewall this is how it works. An nmap scan will only show that the port is listening. It does not get beyond the three-way handshake into the ruleset.

Unless someone else knows a way to extend the conversation nmap has with the box.

> Hello, everybody. I'm a newbie in the firewall area :) so this question could sound a little bit silly.
>
> I would like to ask you if there is a way to understand whether a port on a remote machine is firewalled or just not opened. I use iptables to set up a firewall and I set an ACCEPT target for TCP port 80 for all "trusted" connections. All other connections to this port are DROP-ed (the INPUT chain policy is set to DROP). I'm curious whether someone could detect that the port exists but is firewalled, e.g. available just for a few hosts.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
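As an added illustration of the scenario in the quoted question (not part of either message on the list, and not nmap or iptables code): the model below evaluates a first-match INPUT chain the way the question describes it, an ACCEPT rule for TCP/80 from a "trusted" network with a DROP policy behind it, and derives what the kernel sends back to a single SYN and how a SYN scanner classifies that reply (SYN-ACK is open, RST is closed, no reply at all is filtered). The 192.0.2.0/24 and 198.51.100.0/24 addresses are constructed documentation ranges, and the class and function names are hypothetical helpers. It also goes one step beyond the question by adding a REJECT variant so the difference between DROP and REJECT with a TCP reset is visible side by side.

```python
import ipaddress
from typing import Optional, Set, List, Tuple

# Hypothetical model of an iptables INPUT chain (not the netfilter code):
# rules are tried first-match; the chain policy applies when nothing matches.
class InputChain:
    def __init__(self, policy: str) -> None:
        if policy not in ("ACCEPT", "DROP"):
            raise ValueError("iptables chain policies are ACCEPT or DROP")
        self.policy = policy
        self.rules: List[Tuple[ipaddress.IPv4Network, int, str]] = []

    def append(self, source: str, dport: int, target: str) -> None:
        """Equivalent of: iptables -A INPUT -s <source> -p tcp --dport <dport> -j <target>"""
        self.rules.append((ipaddress.ip_network(source, strict=False), dport, target))

    def verdict(self, src: str, dport: int) -> str:
        addr = ipaddress.ip_address(src)
        for net, port, target in self.rules:
            if addr in net and port == dport:
                return target          # first matching rule wins
        return self.policy             # nothing matched: chain policy


def syn_response(chain: InputChain, src: str, dport: int, listening: Set[int]) -> Optional[str]:
    """What the host puts on the wire in answer to one SYN from src to dport."""
    verdict = chain.verdict(src, dport)
    if verdict == "DROP":
        return None                    # silently discarded; the scanner sees a timeout
    if verdict == "REJECT":
        return "RST"                   # REJECT --reject-with tcp-reset
    # ACCEPT: the SYN reaches the TCP stack, which answers for the socket state
    return "SYN-ACK" if dport in listening else "RST"


def scanner_state(response: Optional[str]) -> str:
    """How a SYN scanner labels the reply (a real scanner retries before calling it filtered)."""
    return {"SYN-ACK": "open", "RST": "closed", None: "filtered"}[response]


def probe(chain: InputChain, src: str, dport: int, listening: Set[int]) -> str:
    return scanner_state(syn_response(chain, src, dport, listening))


def question_chain() -> InputChain:
    """The ruleset from the quoted question: trusted net may reach TCP/80, policy DROP."""
    chain = InputChain(policy="DROP")
    chain.append("192.0.2.0/24", 80, "ACCEPT")      # constructed "trusted" network
    return chain


def reject_variant() -> InputChain:
    """Same intent, but untrusted sources get a TCP reset instead of silence."""
    chain = InputChain(policy="ACCEPT")
    chain.append("192.0.2.0/24", 80, "ACCEPT")
    chain.append("0.0.0.0/0", 80, "REJECT")          # catch-all after the trusted rule
    return chain


if __name__ == "__main__":
    web = {80}                                       # constructed: only httpd is listening
    for label, chain in (("DROP policy", question_chain()), ("REJECT rule", reject_variant())):
        print(label)
        print("  trusted   -> 80:", probe(chain, "192.0.2.10", 80, web))
        print("  untrusted -> 80:", probe(chain, "198.51.100.7", 80, web))
        print("  untrusted -> 8080 (nothing listening):", probe(chain, "198.51.100.7", 8080, web))
```

With the DROP policy an untrusted source gets no reply for port 80, which a scanner reports as filtered, while a trusted source gets the SYN-ACK and sees it open. With the REJECT variant the untrusted source receives an RST, the same thing a port with no listener returns, so the two cases look alike from outside. The verdict of a chain can be confirmed on the host with `iptables -L INPUT -n -v`, which shows per-rule packet counters.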
