Molnar Peter <[EMAIL PROTECTED]> wrote:
> On Sun, 2003-11-23 at 22:32, Eamon Caddigan wrote:
>> Interestingly, I need to run 'nmap -PT<port> <ip>', where <port> is one
>> of the ports I've opened, to make nmap realize the host isn't down.
>> Presumably, this is because port 80 is closed -- but why would it, and
>> all others, be reported as "filtered"?
>>
> Because the packets are fragmented, and the fragments get through your
> firewall. To see them being completely closed, you need to use
> connection tracking. This will cause the packets to be reassembled
> before they are filtered.
Interesting, thanks for the tip. Are any other Shorewall users doing this? Is it worth the effort -- do packet fragments pose a reasonable risk?

-Eamon

--
[EMAIL PROTECTED] mailing list
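As an added example, not from this thread or from Shorewall: a small Python model of the behaviour Peter describes, using a constructed TCP SYN to port 80 split into IPv4 fragments. A per-packet filter can read the destination port only from the offset-0 fragment, so a port rule cannot classify the remaining fragments; a conntrack-style defragmenter reassembles the datagram before filtering, so the whole probe is seen.

```python
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header, no options

def ipv4_fragments(src, dst, ident, payload, chunk):
    """Split a transport payload into IPv4 fragments (constructed data; chunk % 8 == 0)."""
    frags = []
    for off in range(0, len(payload), chunk):
        piece = payload[off:off + chunk]
        more = off + chunk < len(payload)
        flags_off = (0x2000 if more else 0) | (off // 8)  # MF flag | offset in 8-byte units
        hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(piece), ident, flags_off, 64, 6, 0, src, dst)
        frags.append(hdr + piece)
    return frags

def parse_ipv4(pkt):
    ver_ihl, _, total, ident, flags_off, _, proto, _, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"id": ident, "proto": proto, "mf": bool(flags_off & 0x2000),
            "offset": (flags_off & 0x1FFF) * 8, "src": src, "dst": dst,
            "payload": pkt[ihl:total]}

def stateless_dst_port(pkt):
    """What a per-packet filter (no conntrack) sees: only an offset-0 fragment carries the TCP header."""
    ip = parse_ipv4(pkt)
    if ip["proto"] != 6 or ip["offset"] != 0 or len(ip["payload"]) < 4:
        return None  # port unknown: a dport rule cannot match this fragment
    return struct.unpack("!H", ip["payload"][2:4])[0]

class Defragmenter:
    """Reassembles fragments per (src, dst, id, proto), as connection tracking does before filtering."""
    def __init__(self):
        self.buckets = {}
    def feed(self, pkt):
        ip = parse_ipv4(pkt)
        key = (ip["src"], ip["dst"], ip["id"], ip["proto"])
        b = self.buckets.setdefault(key, {"parts": {}, "total": None})
        b["parts"][ip["offset"]] = ip["payload"]
        if not ip["mf"]:
            b["total"] = ip["offset"] + len(ip["payload"])  # last fragment fixes the datagram length
        if b["total"] is None or sum(map(len, b["parts"].values())) != b["total"]:
            return None  # still incomplete
        return b"".join(b["parts"][o] for o in sorted(b["parts"]))

def tracked_dst_port(frags):
    """Destination port after reassembly, or None if the datagram never completes."""
    d = Defragmenter()
    for f in frags:
        data = d.feed(f)
        if data is not None:
            return struct.unpack("!H", data[2:4])[0]
    return None

# Constructed sample: a 40-byte TCP SYN to port 80, split into 8-byte fragments.
TCP_SYN_80 = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 1024, 0, 0) + b"\x00" * 20
FRAGS = ipv4_fragments(b"\x0a\x00\x00\x02", b"\x0a\x00\x00\x01", 0x1234, TCP_SYN_80, 8)
```

Only `FRAGS[0]` yields a port to the stateless check; the other four fragments come back as `None`, while the defragmenter recovers port 80 even when the fragments arrive out of order.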