I'd like to stop others from seeing my ports as filtered in the nmap standard scan (unprivileged). Let's say that I have the following ports open: 22, 3306, 995 and a firewall configured like this:
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p tcp -m tcp --dport 995 -j DROP
This is the result of an nmap scan:
[+] Nmap scan report for X.X.X.X
Host is up (0.040s latency).
Not shown: 90 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
995/tcp filtered pop3s
3306/tcp filtered mysql
It displays these ports as filtered because my server didn't reply with a RST to the SYN. Is there a way to modify this behaviour? For example: if the iptables firewall blocks a port, reply with a RST to the SYN instead of remaining silent (not replying at all)?
Best Answer
Don't use DROP; that's easily identified as "filtered" if you know the box is up. Instead, you may use the following to send a RST (as if there is a service listening, but it doesn't accept connections from you).
Or otherwise simply use the following to make the port look closed (as if there is no service listening on it).
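An added example, not part of the question or the answer above: the question's DROP rules shown beside the REJECT form that answers a SYN with a TCP RST. The page does not show the exact rules the answer refers to, so the REJECT lines and the trusted-source placeholder (203.0.113.0/24) below are my assumptions; a RST reply is what an nmap connect or SYN scan reports as "closed" rather than "filtered".

```iptables
# Rules as given in the question. DROP discards the SYN without any
# reply, so a scanner that knows the host is up reports "filtered".
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -p tcp -m tcp --dport 995 -j DROP

# Replacement (assumed reading of "send a RST" in the answer).
# The first matching rule wins, so any source that may still reach the
# service must be accepted BEFORE the REJECT line. 203.0.113.0/24 is a
# placeholder documentation range, not a real trusted network.
-A INPUT -p tcp -m tcp -s 203.0.113.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -s 203.0.113.0/24 --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp -s 203.0.113.0/24 --dport 995 -j ACCEPT

# REJECT with tcp-reset answers the SYN with a TCP RST, the same reply a
# port with no listener sends, so nmap reports the port as "closed".
# --reject-with tcp-reset is only valid in a rule that matches -p tcp,
# and REJECT is only usable in the INPUT, FORWARD and OUTPUT chains.
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 3306 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 995 -j REJECT --reject-with tcp-reset
```

Load the fragment with iptables-restore (as part of a full ruleset) and confirm from a host outside the trusted range that a connection attempt to one of these ports is refused immediately rather than timing out.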