17.7 Legacy Series / Create rule to allow network scans
« on: April 12, 2018, 09:08:22 am »
Hello,
I'm trying to set up a new rule on my firewall so that it will allow a specific host to scan all ports on another network.
The only problem I have is that, once the rule is set and I launch an nmap like this:
nmap -Pn -sS -p- -T5 192.168.20.0/24
the OPNsense state table collapses: I've set a maximum size of 815000, but if I launch three concurrent scans, it gets full. So what I want is to make a rule which allows the traffic to pass and prevents the firewall from storing every connection in the state table. I think I don't need those connections to be stored in the state table, as I don't need the firewall to perform NAT; the scans will only occur on internal networks.
I've tried different settings when creating a floating quick rule which applies to my "monitoring" interface:
- State Type: none
- State Type: NO pfsync activated
- TCP flags with "Any flags" checked
No matter what I set, the state table keeps getting full with the scans. How can I allow network scans without disabling my firewall?
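The rule shape the post is asking for, written as hand-edited pf.conf rules rather than anything the OPNsense rule generator emits, as an added example that is not part of the original post. Interface names, the scanner address and the rule ordering are assumptions; the target network comes from the nmap command above. The point it shows is why "State Type: none" alone is not enough: with `no state`, pf does not remember the outgoing SYN, so the SYN/ACK and RST/ACK replies are evaluated against the ruleset on their own and need their own pass rules, on both interfaces and in both directions, or a later stateful rule will catch them and start filling the table again.

```pf
# Constructed example (not from the forum post or the OPNsense GUI).
# Assumed names: em1 is the "monitoring" interface the scanner sits behind,
# em2 faces the scanned network, 192.168.10.5 is the scanner.
mon_if  = "em1"
lan_if  = "em2"
scanner = "192.168.10.5"
target  = "192.168.20.0/24"     # network from the nmap command in the post

# This is the shape of rule that fills the table: every SYN nmap sends
# (-p- is 65535 ports, a /24 is up to 256 hosts, so about 16.8 million
# probes per sweep) inserts a state entry that lives until it times out.
# pass quick on $mon_if proto tcp from $scanner to $target keep state

# No-state variant. pf keeps nothing, so the reply direction is not matched
# automatically: each direction on each interface gets its own rule, and
# "flags any" so that the SYN/ACK and RST/ACK replies match as well.
pass in  quick on $mon_if proto tcp from $scanner to $target flags any no state
pass out quick on $lan_if proto tcp from $scanner to $target flags any no state
pass in  quick on $lan_if proto tcp from $target to $scanner flags any no state
pass out quick on $mon_if proto tcp from $target to $scanner flags any no state

# Checks to run on the firewall shell while a scan is in progress:
#   pfctl -si | grep current        # current state table entries
#   pfctl -vvsr | grep -B1 -A3 'no state'   # rule counters: are these matching?
```

If the counters on the `no state` rules stay at zero while the state count climbs, the scan is being passed by a different rule; on OPNsense the ones to look at are the automatically generated and any lower stateful rules. Anything these rules do not cover, such as UDP probes from `-sU` or ICMP unreachables, still goes through the stateful path and will create state.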