Netgate Discussion Forum

    Blocking XMAS scan using TCP flags

    Firewalling
    1 Posts 1 Posters 1.0k Views
      samurai15

      Hello,

      I am in a process of migrating an existing Linux based FW / router to pfSense 2.1.

      With the Linux router, I was able to set a blocking rule for XMAS scan using iptables.

      iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

      If I am not mistaken, the first argument describes what to examine (ALL being FIN, SYN, RST, PSH, ACK and URG) and the second argument describes the flags that must be set.

      I tried to achieve this in pfSense 2.1 by ticking those six flags for 'set' and leaving the others blank. As soon as I hit the 'Save' button, it threw the following error.


      The following input errors were detected:

      If you specify TCP flags that should be set you should specify out of which flags as well.

      • Ticking all 8 flags (including ECE and CWR) for 'set' also gave the same error.

      The next thing I did was to tick ECE and CWR for 'out of' while FIN, SYN, RST, PSH, ACK and URG were all ticked for 'set'. This allowed me to save the configuration; however, a notification came up saying:


      There were error(s) loading the rules: /tmp/rules.debug:169: flags always false - The line in question reads [169]: block in quick on $WAN reply-to ( bce1 <WAN IP ADDRESS> ) inet proto tcp from any to any flags FSRPAU/EW label USER_RULE

      Unfortunately I could not find any relevant information to achieve this setting and would like to get assistance from the forum.

      Thanks in advance!

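As an added example (not code from the original post, from pfSense, or from pf), the following Python script models the two flag matchers involved: an iptables rule `--tcp-flags MASK COMP` matches when `(flags & MASK) == COMP`, and a pf rule `flags SET/MASK` matches when `(flags & MASK) == SET`, which can only ever be true when every flag in SET is also in MASK; pfctl reports `flags always false` otherwise, which is exactly what the generated `flags FSRPAU/EW` line triggered. The script translates the iptables rule into pf's notation, checks that subset condition, and evaluates constructed sample TCP headers against the iptables rule, the rejected pf rule and the translated one. The header builder, the sample packets and all function names are this example's own, not anything on the page.

```python
"""Added example: model iptables '--tcp-flags MASK COMP' and pf 'flags SET/MASK'
on the TCP flag byte, reproduce pf's 'flags always false' condition, and derive
a pf equivalent of the iptables rule.  All packet bytes are constructed samples."""
import struct

# TCP flag bits in byte 13 of the header (RFC 793; ECE/CWR from RFC 3168).
TCP_FLAGS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}
# pf's one-letter flag names as used in pf.conf(5) 'flags a/b'.
PF_LETTERS = {"F": "FIN", "S": "SYN", "R": "RST", "P": "PSH",
              "A": "ACK", "U": "URG", "E": "ECE", "W": "CWR"}
# iptables 'ALL' covers the six classic flags only, not ECE/CWR.
IPTABLES_ALL = 0x3F


def iptables_flags(spec: str) -> int:
    """Parse an iptables flag list: ALL, NONE or comma-separated names."""
    spec = spec.strip().upper()
    if spec == "ALL":
        return IPTABLES_ALL
    if spec == "NONE":
        return 0
    return sum(TCP_FLAGS[name] for name in spec.split(","))


def iptables_match(mask_spec: str, comp_spec: str, flags: int) -> bool:
    """iptables semantics: look only at the bits in MASK, require exactly COMP."""
    return (flags & iptables_flags(mask_spec)) == iptables_flags(comp_spec)


def pf_flags(letters: str) -> int:
    return sum(TCP_FLAGS[PF_LETTERS[c]] for c in letters)


def pf_always_false(spec: str) -> bool:
    """True when SET names a flag outside MASK: no packet can satisfy the rule,
    which is the condition pfctl rejects as 'flags always false'."""
    set_bits, mask_bits = (pf_flags(part) for part in spec.split("/"))
    return bool(set_bits & ~mask_bits)


def pf_match(spec: str, flags: int) -> bool:
    """pf semantics: flags in SET must be on, flags in MASK but not in SET must
    be off, flags outside MASK are ignored."""
    set_bits, mask_bits = (pf_flags(part) for part in spec.split("/"))
    return (flags & mask_bits) == set_bits


def bits_to_pf(bits: int) -> str:
    return "".join(c for c in "FSRPAUEW" if bits & TCP_FLAGS[PF_LETTERS[c]])


def iptables_to_pf(mask_spec: str, comp_spec: str) -> str:
    """Translate '--tcp-flags MASK COMP' into pf's 'SET/MASK' notation."""
    return f"{bits_to_pf(iptables_flags(comp_spec))}/{bits_to_pf(iptables_flags(mask_spec))}"


def tcp_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Build a minimal 20-byte TCP header with the given flag byte (sample data)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


def flags_from_header(hdr: bytes) -> int:
    return hdr[13]


if __name__ == "__main__":
    broken = "FSRPAU/EW"                   # what the saved pfSense rule produced
    fixed = iptables_to_pf("ALL", "ALL")   # 'FSRPAU/FSRPAU'
    print(f"{broken}: always false = {pf_always_false(broken)}")
    print(f"{fixed}: always false = {pf_always_false(fixed)}")
    samples = {  # constructed packets, not captured traffic
        "all six set": tcp_header(IPTABLES_ALL),
        "FIN/PSH/URG": tcp_header(TCP_FLAGS["FIN"] | TCP_FLAGS["PSH"] | TCP_FLAGS["URG"]),
        "plain SYN": tcp_header(TCP_FLAGS["SYN"]),
    }
    for name, hdr in samples.items():
        f = flags_from_header(hdr)
        print(f"{name:12s} iptables ALL ALL={iptables_match('ALL', 'ALL', f)!s:5} "
              f"pf {fixed}={pf_match(fixed, f)!s:5} pf {broken}={pf_match(broken, f)}")
```

The translation yields `flags FSRPAU/FSRPAU`, i.e. the same six flags in the 'set' list and in the 'out of' list. In the post, ticking ECE and CWR under 'out of' produced the `/EW` mask, so the 'out of' checkboxes are what populate the part after the slash; a rule whose 'set' flags are not all also ticked under 'out of' is exactly the case pfctl refuses to load.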
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.