# tcp 3-way handshake, how to block kernel sending RST flag?



## irukandji (Oct 26, 2018)

When a port is closed, the kernel sends an RST flag to the client, which prevents me from sending my SYN/ACK packet back. Is there any way to disable/block it? I am a bit clueless about how to do it in pf, while net.inet.tcp.blackhole blocks all outgoing packets (also mine).

This works fine on Linux: `iptables -A OUTPUT -p tcp --source-port xxx --tcp-flags RST RST -j DROP`, but I am unable to do it on FreeBSD.


----------



## SirDice (Oct 26, 2018)

irukandji said:


> When a port is closed, the kernel sends an RST flag to the client, which prevents me from sending my SYN/ACK packet back.


Why do you want to send a SYN/ACK in response to a SYN to a closed port? Only an _open_ port should respond with a SYN/ACK.


----------



## irukandji (Oct 26, 2018)

Exactly. Instead of trying to ban port scanners, I will serve them what they search for: open ports, all service ports. I already have a working solution for my dev system (Linux); it is just this detail that is stopping me from deploying it on FreeBSD, which is my main target.

I could be doing it some other way, but using raw sockets is much faster and less resource intensive.
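As an added illustration of the raw-socket approach described in this thread (example code, not irukandji's own): parse an incoming SYN and build the SYN/ACK segment a decoy responder would send, including the RFC 793 checksum over the IPv4 pseudo-header. Addresses, ports and sequence numbers are constructed sample values; the raw-socket send itself is omitted.

```python
import socket  # used only for inet_aton
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10


def tcp_checksum(src_ip, dst_ip, segment):
    """RFC 793 checksum: IPv4 pseudo-header (src, dst, zero, proto 6, length) + TCP segment."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, len(segment))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"  # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_tcp(segment):
    """Return the fixed 20-byte TCP header fields as a dict."""
    sport, dport, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "doff": off_flags >> 12, "flags": off_flags & 0x1FF, "win": win, "csum": csum}


def build_synack(server_ip, client_ip, syn_segment, isn, window=65535):
    """Craft the SYN/ACK for a bare SYN; returns None for anything that is not a plain SYN."""
    syn = parse_tcp(syn_segment)
    if not (syn["flags"] & TCP_SYN) or (syn["flags"] & TCP_ACK):
        return None
    header = struct.pack("!HHIIHHHH",
                         syn["dport"], syn["sport"],            # swap ports: reply from the probed port
                         isn, (syn["seq"] + 1) & 0xFFFFFFFF,    # our ISN, ack = client seq + 1
                         (5 << 12) | TCP_SYN | TCP_ACK,         # data offset 5 words, flags SYN|ACK
                         window, 0, 0)                          # checksum filled in below
    csum = tcp_checksum(server_ip, client_ip, header)
    return header[:16] + struct.pack("!H", csum) + header[18:]


# Constructed sample: client 192.0.2.10:40000 probes server 198.51.100.5:22 with seq 1000.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 40000, 22, 1000, 0, (5 << 12) | TCP_SYN, 65535, 0, 0)
```

The kernel's own RST for the closed port would still race this reply, which is why the pf rule discussed later in the thread is needed alongside it.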


----------



## irukandji (Oct 28, 2018)

Ok, this is becoming frustrating:

```
set block-policy drop
block out quick on re0 proto tcp from any port xxxx to any flags R/R
```

Nothing works =/


----------



## irukandji (Oct 28, 2018)

Omg, what a stupid bug... I am sorry for nagging, you can delete this thread, my mistake


----------



## SirDice (Oct 29, 2018)

The whole point of a forum is so _others_ can learn from mistakes.


----------



## irukandji (Oct 29, 2018)

SirDice said:


> The whole point of a forum is so _others_ can learn from mistakes.



This was a bug in my code. But never mind, for the others: `set block-policy drop` works.


----------

