On 04-01-12 06:54, Reindl Harald wrote:
> hi
> i would like to drop all incoming packets of any IP that tried
> to connect to telnet (port 23) which is meant as trap
> for port-scans, there are some samples out there but i got
> none of them working until now :-(
> iptables -N port-scan
> iptables -A port-scan -p tcp --dport 23 --tcp-flags ALL SYN -m limit --limit 3/m --limit-burst 5 -j LOG --log-prefix "portscan trap: "
> iptables -A port-scan -p tcp --dport 23 --tcp-flags ALL SYN -m recent --update --seconds 60 -j RETURN
> iptables -A port-scan -j DROP
Don't have much experience with iptables but shouldn't the rule apply to
the INPUT filter? So, taking your rules, something like this:
iptables -N port-scan
iptables -A port-scan -p tcp --dport 23 --tcp-flags ALL SYN -m limit --limit 3/m --limit-burst 5 -j LOG --log-prefix "portscan trap: "
iptables -A INPUT -j port-scan
Regards,
Patrick
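A complete version of the trap chain discussed above, added here as an example and not part of either message: it records the source of a SYN to port 23 with `-m recent --set`, drops every later packet from that source with `--rcheck`, and hooks the chain into INPUT. It assumes the recent and limit modules are loaded and uses a 24-hour ban window that neither mail specifies; the IPT variable can be set to `echo` to preview the rules without applying them.

```shell
#!/bin/sh
# Telnet "trap" port: any source that sends a SYN to port 23 is put on a
# recent list and all its further packets are dropped.
# IPT defaults to iptables; set IPT=echo to print the rules instead.
IPT="${IPT:-iptables}"

portscan_trap_rules() {
    # Dedicated chain; -N fails harmlessly if it already exists, -F empties it.
    $IPT -N port-scan 2>/dev/null || true
    $IPT -F port-scan

    # 1. Sources already on the "portscan" list are dropped outright.
    #    --rcheck only tests the list; 86400 s keeps the ban for a day
    #    (assumed value, not from the thread).
    $IPT -A port-scan -m recent --name portscan --rcheck --seconds 86400 -j DROP

    # 2. A new SYN to the trap port puts the source on the list.
    #    --syn is the usual spelling of "--tcp-flags ALL SYN" style matching.
    $IPT -A port-scan -p tcp --dport 23 --syn -m recent --name portscan --set

    # 3. Log it, rate limited so a scan cannot flood the log, then drop the SYN.
    $IPT -A port-scan -p tcp --dport 23 --syn -m limit --limit 3/m --limit-burst 5 \
        -j LOG --log-prefix "portscan trap: "
    $IPT -A port-scan -p tcp --dport 23 --syn -j DROP

    # 4. Everything else goes back to INPUT for normal processing.
    $IPT -A port-scan -j RETURN
}

hook_into_input() {
    # Insert at position 1 so the trap runs before any ACCEPT rules in INPUT.
    $IPT -I INPUT 1 -j port-scan
}

# Only touch the live firewall when explicitly asked: ./trap.sh apply
if [ "${1:-}" = "apply" ]; then
    portscan_trap_rules
    hook_into_input
fi
```

Check the list with `cat /proc/net/xt_recent/portscan` once a source has tripped the trap.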
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org