[Firehol-support] Re: Masking Open Ports

Daniel Pittman daniel at rimspace.net
Tue Oct 18 01:59:37 BST 2005

"Richard Williams" <richard at everything4it.co.uk> writes:

> I've recently found FireHOL and I've started using it on TSL version 3
> (Trustix Secure Linux server).  Using the lan-config example I've got a
> firewall running.  However, I have to leave standard ports open for FTP
> and SMTP packages running on the Fiewall server and these then show up as
> open ports when I run a ShieldsUp test.  Is there a way of leaving the
> ports open but masking them from port sniffers etc?

No.  There is no difference between a "port sniffer" and a normal
connection.  If you want people to be able to connect to your service,
you have to let them connect.

That said, the "ShieldsUp" test isn't a very useful test for your
firewall in a Unix context...


More information about the Firehol-support mailing list