# Should be an easy one.........

## FINITE

I can't figure out how to get the monmotha firewall script to "STEALTH" all closed ports so that they do not respond to queries. Being "CLOSED" is fine and all but no response is better. I am pretty sure it's this option "DROP="TREJECT"" and should be set to DROP. What the heck is TREJECT? No biggy, just wondering. Thanks.

----------

## pjp

The Oracle says this:

*Quote:*

> DROP="TREJECT" # What to do with packets we don't want: DROP, REJECT, TREJECT (Reject with tcp-reset for TCP), LDROP (log and drop), LREJECT (log and reject), LTREJECT (log and reject with tcp-reset)

----------

## FINITE

So if I set that to drop then port X would not respond to anything and appear to be nonexistent?

----------

## pjp

I didn't say I understood it, I just found it  :Very Happy: 

Hadn't heard of the program until I read your post.  Maybe someone else can elaborate.  Have you checked out their mailing list?

----------

## FINITE

Anybody have any ideas?

----------

## rfru

Whenever the monmotha script matches a packet we don't want, it uses the DROP variable to specify the target ( -j ${DROP} ). So, setting the DROP variable to DROP will send no response and simply drop the packet, effectively being stealth.
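
What each value of the setting means in iptables terms, as an added example that is not part of the post above and is not code from the MonMotha script. The helper names `emit_policy` and `is_stealth`, the reuse of the setting names as chain names, the log rate limit and the catch-all rule on INPUT are assumptions made for illustration; the function only prints commands and applies nothing.

```shell
# Added illustration (not the MonMotha script's code): print iptables commands
# that behave the way the quoted comment describes each DROP= value.
# Assumption: helper chains are named after the setting itself.
emit_policy() {
    policy=$1
    case $policy in
        DROP|REJECT)
            ;;  # built-in targets, no helper chain needed
        TREJECT|LDROP|LREJECT|LTREJECT)
            echo "iptables -N $policy"
            ;;
        *)
            echo "unknown policy: $policy" >&2
            return 1
            ;;
    esac
    case $policy in
        L*)
            # Log first, rate limited so a port scan cannot flood syslog.
            echo "iptables -A $policy -m limit --limit 5/min -j LOG --log-prefix \"$policy: \""
            ;;
    esac
    case $policy in
        TREJECT|LTREJECT)
            # TCP gets a reset; everything else gets the default REJECT
            # reply (ICMP port-unreachable).
            echo "iptables -A $policy -p tcp -j REJECT --reject-with tcp-reset"
            echo "iptables -A $policy -j REJECT"
            ;;
        LDROP)   echo "iptables -A $policy -j DROP" ;;
        LREJECT) echo "iptables -A $policy -j REJECT" ;;
    esac
    # Catch-all for unwanted packets, the equivalent of "-j ${DROP}".
    echo "iptables -A INPUT -j $policy"
}

# A policy is "stealth" only if none of its rules answers the sender.
is_stealth() {
    out=$(emit_policy "$1") || return 2
    case $out in
        *"-j REJECT"*) return 1 ;;
        *) return 0 ;;
    esac
}
```

With DROP or LDROP a probe gets no reply and times out; the REJECT variants answer with a TCP reset or an ICMP port-unreachable, which a scanner reports as closed.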

----------

## FINITE

Cool, that's what I thought. Thanks man  :Smile: 

----------

