Originally Posted by //////
When I set up my OpenBSD firewall box, its firewall rules had the ability of blocking OSes; I believe it has OS detection built-in using p0f.
It might block
- Ports which are usually OS specific e.g. smb
- HTTP headers from e.g. web browsers which include OS information
These might prevent legitimate users from access but are not in the very least effective against anyone who can read basic English.
OS detection requires fingerprinting using some tool, e.g. nmap. So you have to have something that performs a host scan on incoming traffic and then allows / denies access based on host info, e.g. in this case the OS the host is running. iptables will filter just fine. The additional overhead - OS detection - will have to be offloaded to some other program.