Hi, I did some quick research on this.

I recommend using multiple unclean matches: one for ICMP, one for TCP, and so on.

If you do just:

    # iptables -A INPUT -m unclean -j DROP

an XMAS scan will show: open.

    # iptables -A INPUT -m unclean -j REJECT

an XMAS scan will show: filtered.

What you need to do, according to the RFCs, is to send a TCP reset. In order to do this you need to (the rule must be restricted to TCP with -p tcp for --reject-with tcp-reset to be accepted):

    # iptables -A INPUT -p tcp -m unclean -j REJECT --reject-with tcp-reset

an XMAS scan will not show anything; the port is closed :)

The way that port scanners decide what to show the user (filtered, closed, open) depends on how tricky the portscanner programmer is and to what extent he judges the results to be compliant with the RFCs. Normally a TCP packet to a closed port should be answered with a TCP RST packet. If you do not specify that, iptables will send ICMP, which is not expected and tells the portscanner that something is not the way it should be.

I would like to thank you for your discussion on this, thanks to which I got to those conclusions. Suggestions, corrections are welcome :)

Best Regards,
Maciej Soltysiak

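To show why the reject type decides what a scanner reports, here is a small constructed simulation (added here, not the poster's code; it sends no packets): it applies the RFC 793 rules for an unfiltered host, then the three rules from the post, and returns the verdict a scanner would draw from each answer. The label "open|filtered" for silence is nmap's wording for what the post calls "open"; the rule names and Probe type are this example's own.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    proto: str          # "tcp" here; the post also suggests rules for icmp etc.
    flags: frozenset    # TCP flags set on the probe
    port_open: bool     # whether a service listens on the probed port

# The classic XMAS probe: FIN/PSH/URG lit, no SYN, ACK or RST.
XMAS = frozenset({"FIN", "PSH", "URG"})

def host_reply(probe: Probe) -> str:
    """RFC 793 behaviour of a host with no firewall in front of it."""
    if not probe.port_open:
        # CLOSED: any incoming segment that is not itself a RST gets a RST.
        return "none" if "RST" in probe.flags else "tcp-rst"
    # LISTEN: a segment carrying none of SYN/ACK/RST is silently discarded,
    # so an open port says nothing to an XMAS probe.
    return "tcp-syn-ack" if "SYN" in probe.flags else "none"

def firewall_reply(rule: str, probe: Probe) -> str:
    """What leaves the box when the unclean rule matches the probe."""
    if rule == "DROP":
        return "none"                       # packet vanishes, no answer at all
    if rule == "REJECT":
        return "icmp-port-unreachable"      # iptables' default --reject-with
    if rule == "REJECT --reject-with tcp-reset":
        # Assumption: the rule is restricted to -p tcp, as tcp-reset requires.
        return "tcp-rst" if probe.proto == "tcp" else "icmp-port-unreachable"
    raise ValueError(f"unknown rule: {rule}")

def scanner_verdict(reply: str) -> str:
    """How a scanner reads the answer to an XMAS probe (nmap's labels)."""
    return {
        "tcp-rst": "closed",                  # the RFC answer for a closed port
        "none": "open|filtered",              # silence is what an open port does too
        "icmp-port-unreachable": "filtered",  # ICMP betrays a filter, not a closed port
        "tcp-syn-ack": "open",                # only reachable with a SYN probe
    }[reply]

def verdict_unfiltered(port_open: bool) -> str:
    """Verdict against a host with no firewall, open or closed port."""
    return scanner_verdict(host_reply(Probe("tcp", XMAS, port_open)))

def verdict_behind(rule: str, port_open: bool = True) -> str:
    """Verdict for a port that the unclean rule shields from the probe."""
    return scanner_verdict(firewall_reply(rule, Probe("tcp", XMAS, port_open)))

if __name__ == "__main__":
    for rule in ("DROP", "REJECT", "REJECT --reject-with tcp-reset"):
        print(f"{rule:36} -> {verdict_behind(rule)}")
```

The two comparisons worth checking are that DROP yields the same verdict as a genuinely open port, and that tcp-reset yields the same verdict as a genuinely closed one.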