Deogratias Nondi wrote:

> I am in a process of developing a firewall for the purpose of blocking/filtering port scans on my host machines.

what do your "host machines" do? smtp? ftp? www?

> I am looking on how to properly write rules to block SYN, FIN, XMAS and NULL scans.

are you trying to protect against scans or intrusions?

> What I have found so far is to allow just SYN packets and
> block everything else.

good plan. just allow SYNs on the ports you need open.

> I don't really like this idea

why not?

> and would like to write specific filter rules for each of the scans I mentioned.

i have a few years of experience with firewalls and ipf; that said, i will tell you this: the simpler your rules are the better.

jim
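As an added illustration of the approach jim describes (this is not a ruleset from the thread or from either poster; the interface name fxp0, the host address 192.0.2.10 and the open ports 25 and 80 are assumptions chosen for the example), here is what a minimal stateful IPFilter ruleset looks like, with the per-scan rules reduced to optional logging:

```conf
# Added example ipf.conf, not from the thread. Assumed: outside interface fxp0,
# host address 192.0.2.10, services on tcp/25 and tcp/80.

# Default policy: nothing comes in unless a later rule explicitly passes it.
block in all

# Optional visibility only. Flag syntax is set/mask. A FIN, XMAS or NULL probe
# carries no SYN, so it never matches the "flags S/SA" rules below and is
# dropped by the default block anyway; these rules just make the attempts
# show up in ipmon output.
block in log quick on fxp0 proto tcp from any to any flags FUP/FUP   # XMAS: FIN+URG+PSH set
block in log quick on fxp0 proto tcp from any to any flags F/FSA     # bare FIN, no SYN or ACK

# Only the first packet of a connection (SYN set, ACK clear) to a port we
# actually serve may create a state entry; the rest of that flow is matched
# by the state table, not by these rules.
pass in quick on fxp0 proto tcp from any to 192.0.2.10 port = 25 flags S/SA keep state
pass in quick on fxp0 proto tcp from any to 192.0.2.10 port = 80 flags S/SA keep state

# The host's own outbound connections, and their replies, pass statefully.
pass out quick on fxp0 proto tcp from 192.0.2.10 to any flags S/SA keep state
pass out quick on fxp0 proto udp from 192.0.2.10 to any keep state
```

Two things this makes concrete. First, the "block everything else" half of the plan is the default deny plus `keep state`: FIN, XMAS and NULL packets fall through to `block in all` without any scan-specific rule, which is why the extra rules can be limited to logging. Second, a SYN scan of this host still finds ports 25 and 80 open, because they are open; firewall rules can drop noise aimed at closed ports, but they cannot hide a service you have chosen to expose, which is the scans-versus-intrusions distinction jim is asking about.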
