Nmap Announce mailing list archives

nmap's "-S" option and linux SAV


From: tech_related () ip pt
Date: Sat, 15 Jul 2000 23:57:59 GMT

Hello,

I've noticed that on my network nmap 2.53, when run with the command

nmap -sS -e ppp0 -S [false IP] [target]

completely bypasses the Source Address Verification built into the Linux kernel and activated via

for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done

in the firewall script I use.

Does the kernel's SAV always prove incapable of blocking nmap's scans using spoofed packets? Or am I missing something?


Cheers,

Manuel

PS: This must be a typical newbie question, but I really couldn't figure this out all by myself:

nmap -sU -P0 -e ppp0 1-1024 192.168.0.2

resulted in 

All 1024 scanned ports on 192.168.0.2 are: filtered

but (for example)

nmap -sU P0 -e ppp0 1 192.168.0.2

outputs "port 1, state open" (the same happened with all the ports in the 1-1024 range I cared to try).

Does "open" mean the same as "filtered" in this context?

