Hi All,
Just wondering if there was a way in the firewall to drop a connection and return an RST packet.
I have a port scanning rule (or 6) that has been getting a workout lately and I know there are actions that can be taken to silently “drop” a packet and to also “reject”, drop the packet and send an ICMP reject. the problem with these actions is that port scanners report them both as filtered, but existing ports. If you could drop the packet and send an RST packet in response, the scanner would report the port as closed.
I know this doesn’t exist in standard actions, but maybe somewhere else?
if this capability doesn’t exist, do you think would it be a valuable enhancement request?
All the best.