On 2011-03-07, Henrik Engmark <h...@tti.se> wrote: > That is correct. I noticed every try to do an OS detection with > nmap failed for incredibly strange reasons reported by nmap, > like no route to host even though the target was on the same > subnet.
it's not intuitive, but EHOSTUNREACH ("no route to host") from a locally generated packet can also mean that the packet was blocked by PF.