I read the "Network Security Hacks" book (O'Reilly) and found a hack to block nmap OS fingerprinting scans. Unfortunately the example is for OpenBSD's PF and there's no explanation as to why you need to block those particular TCP flags.
If anybody has had experience with ipfw, please kindly share the equivalent rules for ipfw.
The reason certain TCP flags and combinations are recommended to be blocked is probably that said combinations are more often found in fingerprinting scans than in legitimate applications.
That being said, Nmap is not the only application out there doing fingerprinting, and if the idea of outsiders gaining any information with regard to your OS worries you[1], you should probably configure your firewall to be extremely strict (which almost certainly breaks a lot of standards), because there may pop up new ways to fingerprint your system every day. Nmap is not the only threat.
I know ipfw, but I've never felt the need to prevent against Nmap's OS fingerprinting (other than on my network firewalls, which run pf...).
Google suggests adding the following to /etc/rc.conf:
tcp_drop_synfin="YES"
But apparently it may break connections in some cases where legitimate applications behave in non-standard ways. Could be what you need, but YMMV.
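As an added example (not from the book and not from any poster in this thread), the Python sketch below models how ipfw's `tcpflags` option matches a packet, checks an assumed set of flag combinations against ordinary handshake and teardown packets, and prints them as ipfw rules. The combinations, rule numbers and function names are assumptions chosen for illustration; they are not the PF rules from the book.

```python
# TCP flag bits as they appear in the flags byte of the TCP header.
FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
         "psh": 0x08, "ack": 0x10, "urg": 0x20}

# Assumed combinations that normal TCP traffic does not produce.
# Values are written in ipfw "tcpflags" syntax ("!" means the flag is clear).
SPECS = {
    "syn+fin": "syn,fin",
    "syn+rst": "syn,rst",
    "fin without ack": "fin,!ack",   # also covers FIN-only and FIN+PSH+URG
    "null": "!fin,!syn,!rst,!psh,!ack,!urg",
}

def parse_spec(spec):
    """Turn a tcpflags spec into (must_be_set, must_be_clear) bit masks."""
    must_set = must_clear = 0
    for name in spec.split(","):
        if name.startswith("!"):
            must_clear |= FLAGS[name[1:]]
        else:
            must_set |= FLAGS[name]
    return must_set, must_clear

def matches(spec, flags):
    """True if every listed flag is set and every '!' flag is clear."""
    must_set, must_clear = parse_spec(spec)
    return flags & must_set == must_set and flags & must_clear == 0

def blocked_by(flags):
    """Labels of all specs that would drop a packet with this flags byte."""
    return [label for label, spec in SPECS.items() if matches(spec, flags)]

def ipfw_rules(start=1000, step=10):
    """Render the specs as ipfw commands (rule numbers are placeholders)."""
    return [f"ipfw add {start + i * step} deny tcp from any to any in tcpflags {spec}"
            for i, spec in enumerate(SPECS.values())]

if __name__ == "__main__":
    # Constructed sample flag bytes: normal traffic first, odd probes after.
    samples = {"SYN": 0x02, "SYN+ACK": 0x12, "ACK": 0x10, "PSH+ACK": 0x18,
               "FIN+ACK": 0x11, "RST": 0x04, "SYN+FIN": 0x03,
               "no flags": 0x00, "FIN+PSH+URG": 0x29}
    for name, value in samples.items():
        print(f"{name:12} -> {blocked_by(value) or 'pass'}")
    print("\n".join(ipfw_rules()))
```

Running the check on normal traffic first is a cheap way to see whether a candidate rule would hit legitimate connections before it goes into the live ruleset.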
Hah, I can fingerprint your OS using only NNTP! You're running FreeBSD! :)