Create rule to allow network scans

Started by nicovell3, April 12, 2018, 09:08:22 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 12, 2018, 09:08:22 AM
Hello,

I'm trying to setup a new rule at my firewall so it'll allow an specific host to scan all ports from other net.

The only problem I have is that, when the rule is already set and I launch a nmap like this:

nmap -Pn -sS -p- -T5 192.168.20.0/24

And then, the OPNsense state table collapses: I've set a max size of 815000, but if I launch three concurrent scans, it gets full. So what I want is to make a rule which allows the traffic to pass and prevents the firewall from storing every connection at the state table. I think I don't need that connections to be stored at the state table, as I don't need the firewall to perform NAT, the scans will only occur at internal networks.

I've tried different settings when creating a floating quick rule which affects to my "monitoring" interface:

  • State Type as none
  • State Type / NO pfsync activated
  • TCP flags with "Any flags." checked

No matter what I set, the state table keeps getting full with the scans. How can I allow network scans without disabling my firewall?
April 12, 2018, 12:33:03 PM #1
In theory there are three fixes: disable state tracking, use a full connect scan and run nmap directly on OPNsense.
April 12, 2018, 01:10:41 PM #2
Hello fabian, thanks for your reply,

When you say "disable state tracking", are you talking about the entire firewall? How can that be done and which implications would that have?

Thanks for your help.
April 12, 2018, 01:23:13 PM #3
no, just the pass rule that allows the scan (and a reverse rule of course)
April 12, 2018, 01:39:30 PM #4
And how can I disable state tracking for those two specific rules? I tried setting those rules with the field "State Type" set to "none", but the State table size keeps getting full.
Print
Go Up Pages1
User actions