Metasploit has a scanning auxiliary module that can be used to perform multithreaded analysis of network ports to determine if those ports are filtered, based on
ACK probe-response analysis.
To use Metasploit to perform firewall identification, you will need to have a remote system that is running network services. Additionally, you will need to implement some type of filtering mechanism. This can be done with an independent firewall device or with host-based filtering such as Windows firewall. By manipulating the filtering settings on the firewall device, you should be able to modify the results of the scans.
To use the Metasploit
scan module to perform firewall and filtering ...