VMware Cloud Community
smithg001
Enthusiast

How to Modify VI3 Firewall to drop packets

I am trying to decrease my visibility when someone does a port scan against my host. I already have everything closed that can be, but I am looking for an equivalent option to -j (I think) in ipchains to drop the packet as opposed to denying the packet directed at a closed port.

I would like the firewall to make it look like there is nothing there to refuse the connection.

Does anyone know how to make this modification?

Texiwill
Leadership

Hello,

ESX by default already DROPS packets.

If you run 'esxcfg-firewall -q | more' you will see that the default POLICY for each table is to drop packets.

Are you trying to 'detect' port scans and close open ports to those that do port scans?

Best regards,

Edward

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
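
The check described in the reply above, as an added example that is not part of the original thread or of any VMware tooling: a shell function that reads a firewall listing and reports any built-in chain whose default policy is not DROP, plus any REJECT rule, since either one makes the host answer a probe instead of staying silent. It assumes the output of `esxcfg-firewall -q` follows the usual iptables listing layout (`Chain NAME (policy X ...)`); `audit_listing` and `sample_listing` are hypothetical names, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: flag anything in an iptables-style listing that answers a
# probe instead of silently dropping it.
# Findings, one per line:
#   POLICY <chain> <policy>  built-in chain whose default policy is not DROP
#   REJECT <chain>           rule in <chain> that sends a refusal
# Exit status: 0 = no findings, 1 = at least one.
audit_listing() {
    awk '
        /^Chain / {
            chain = $2
            # Built-in chains show "(policy X ...)"; user chains "(N references)".
            if ($3 == "(policy") {
                policy = $4
                sub(/\)$/, "", policy)
                if (policy != "DROP") { print "POLICY", chain, policy; bad = 1 }
            }
            next
        }
        NF == 0 || $1 == "target" || $1 == "pkts" { next }   # blanks, headers
        {
            # Verbose (-v) rows start with packet/byte counters; plain rows
            # start with the target.
            target = ($1 ~ /^[0-9]+[KMG]?$/) ? $3 : $1
            if (target == "REJECT") { print "REJECT", chain; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample (not captured from a real host): verbose layout, one
# permissive chain and one REJECT rule.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
   12   720 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

sample_listing | audit_listing || echo "listing contains non-DROP behaviour"
```

On a host, the same function would be fed from the command in the reply, `esxcfg-firewall -q | audit_listing`, under the layout assumption stated above.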