 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Stealth ports
 Date:  Tue, 22 Mar 2005 13:33:33 -0500
On Tue, 22 Mar 2005 13:51:36 +0100, Clement Ludovic <ludo at isaetludo dot com> wrote:
> Hi.
> I'm new to Monowall (which is a very great firewall).
> I have a question. Is it possible to stealth ports on monowall?
> I ask that because when I go on some website to test my security it says that some ports are
> stealth and some are not. They also say that it's better to stealth ports in order to be 'invisible'
> on the internet.
> Could you please help and tell me if it's possible and, if yes, where can I do that?

m0n0wall by default has all ports on the WAN in the so-called
"stealth" state.  If you have a default configuration with no firewall
rules on your WAN interface, then you should come back stealth.  If
your ISP blocks certain ports before they get to you, they may not
come back stealth and there isn't anything you can do about it.

The difference between "stealth" (known as "block" in m0n0wall rules)
and "closed" (known as "reject" in m0n0wall rules) ports is stealth
ports won't send any answers whatsoever, while closed ports will send
a TCP RST, or for UDP, an ICMP port unreachable message back to the IP
that sent the packet.  This isn't desirable on the internet generally
(lets any potential attackers know a live host is there), but usually
is desirable on your LAN so hosts don't wait a long time for a denied
connection to time out.
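An added example, not from this list or from m0n0wall, showing what the two answers Chris describes look like from the probing side: a "reject" rule's TCP RST surfaces as connection refused, the ICMP port unreachable surfaces the same way on a connected UDP socket, and a "block" rule leaves only a timeout. It probes loopback only, so the targets are constructed local ports, and the function names are my own.

```python
"""Classify how a host answers a probe, the way the 'test my security' sites do:
TCP: SYN/ACK -> open, RST -> closed ('reject'), nothing -> stealth ('block').
UDP: ICMP port unreachable -> closed ('reject'), nothing -> open or stealth."""
import socket


def tcp_port_state(host: str, port: int, timeout: float = 2.0) -> str:
    """Return 'open', 'closed' (peer sent a TCP RST) or 'stealth' (no answer)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"   # the RST a 'reject' rule sends back
        except socket.timeout:
            return "stealth"  # a 'block' rule: the SYN was silently dropped


def udp_port_state(host: str, port: int, timeout: float = 2.0) -> str:
    """'closed' when an ICMP port unreachable comes back; otherwise a silently
    dropped datagram and a quiet listener look the same ('open|stealth')."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so the ICMP error reaches us
        s.send(b"probe")
        try:
            s.recv(1024)
            return "open"
        except ConnectionRefusedError:
            return "closed"  # kernel mapped the ICMP port unreachable to ECONNREFUSED
        except socket.timeout:
            return "open|stealth"


def unused_port(kind: int = socket.SOCK_STREAM) -> int:
    """Ask the kernel for a currently unused loopback port (constructed target)."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo() -> dict:
    """Loopback has no firewall, so it behaves like 'reject': unused ports answer."""
    results = {"tcp_closed": tcp_port_state("127.0.0.1", unused_port())}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        results["tcp_open"] = tcp_port_state("127.0.0.1", srv.getsockname()[1])
    results["udp_closed"] = udp_port_state("127.0.0.1", unused_port(socket.SOCK_DGRAM))
    return results


if __name__ == "__main__":
    for name, state in demo().items():
        print(name, state)
```

Run it against your own WAN address from an outside host and every port should come back "stealth" with the default rule set; "closed" means a RST or ICMP error was generated, either by a reject rule or by your ISP's filtering upstream.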