Ronald wrote: [...] > That is weird, if you block ICMP outgoing in comodo, all the closed > ports are shown as stealthed. This is really confusing ... What is comodo? Which scan test are you using? If it's a UDP scan this is not weird. If a closed port (i.e. a port no service is listening on) is contacted, an ICMP port unreachable message is sent back. By blocking this ICMP message (or blocking all outgoing ICMP traffic), you get the same result as if you blocked the incoming packet: the sender doesn't get a response and so the port is 'stealthed'. If it's a TCP scan, the kernel sends back a TCP Reset. In this case blocking ICMP should have no effect (in this case: yes, it's weird). BTW: If you block traffic to ports services are listening on, but accept traffic to closed ports, someone who scans your IP knows: 1. You are there. He gets ICMP port unreachable messages or TCP Reset for the closed but unblocked (not 'stealthed') ports. 2. He knows which ports you are running services on (-> the ports he doesn't get the ICMP messages or TCP Reset). This may not be what you want. You wrote that skype requires to have everything open above port 1024. This can't be true! Skype works perfectly if you accept all outgoing traffic and a) configure skype to use a certain port and accept incoming traffic to this port, or (better) b) drop *all* incoming traffic and use connection tracking. This lets pass all incoming packets belonging to a connection initialized by your computer: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT (you can leave out the ',RELATED' but then you'll run into trouble with e.g. FTP and ICMP error messages) michael
