If you set the policy of the INPUT and FORWARD chains to DROP and only allow connections to the ports you need from the IPs that need to access these ports, you're automagically protected against port scans. Iptables will drop all connections to ports you have not opened, and the scanner will not know anything about them. Any ports you have opened will be visible to scanners, of course.

-Sietse

________________________________

From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Ruprecht Helms
Sent: Sat 05-Aug-06 9:14
To: Elvir Kuric
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Preventing port scanning using iptables ?

Elvir Kuric wrote:
> Hi all,
> I am trying to implement a proper firewall for my network using iptables
> and I have to admit that I am amazed by the amount of features
> it offers.
> But I can not understand: is there any way to prevent port scanning
> using iptables?

Yes, by checking the TCP flags. The connections are not established, because only the port is checked to see if it is reachable.

Regards,
Ruprecht

-------------------------------------------------------------------
Ruprecht Helms
IT-Service & Softwareentwicklung
let worktools be individual
Web: http://www.rheyn.de
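The two replies above describe two complementary defences: Sietse's default-DROP policy with an explicit allowlist, and Ruprecht's check of the TCP flags. The script below is an added example, not code posted in this thread, that puts both into one iptables-restore ruleset and goes a little beyond the replies by adding a rate-limited LOG rule so that dropped probes show up in the kernel log. Everything specific in it is an assumption for illustration: the admin subnet 192.0.2.0/24 (an RFC 5737 documentation range), SSH open only to that subnet and HTTP open to everyone, the conntrack match in place of the older state match, and the list of flag combinations that never occur in a legitimate handshake (NULL, all-flags, SYN+FIN, SYN+RST, FIN+RST, and non-SYN packets in state NEW).

```shell
#!/bin/sh
# Added example, not from the netfilter thread: generate an iptables-restore
# ruleset implementing a default-DROP allowlist plus TCP flag sanity checks.
# Assumed values (not from the thread): ADMIN_NET may reach SSH, HTTP is public.

ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

# build_ruleset: print the complete filter table on stdout.
# Pipe it into iptables-restore (as root) to apply it atomically.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback traffic and replies to connections this host opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# flag combinations that never occur in a legitimate TCP handshake
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
# a new connection must start with a bare SYN; anything else is not a handshake
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# the allowlist: only the ports you need, from the hosts that need them
-A INPUT -p tcp -s ${ADMIN_NET} --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# rate-limited log of whatever is left, then the chain policy (DROP) applies;
# a host that forwards traffic would add explicit FORWARD accepts the same way
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# open_ports: list the TCP ports a scanner can still see (the ACCEPTed dports),
# so the exposed surface can be reviewed before the ruleset is loaded.
open_ports() {
    build_ruleset | sed -n 's/.*--dport \([0-9]*\) -j ACCEPT.*/\1/p' | tr '\n' ' ' | sed 's/ $//'
}

# Only apply when explicitly asked (needs root); otherwise nothing is changed.
case "${1:-}" in
    --apply) build_ruleset | iptables-restore ;;
    --show)  build_ruleset; echo "scanner-visible TCP ports: $(open_ports)" ;;
esac
```

Run it with `--show` to review the ruleset and the list of ports that remain visible (here `22 80`, with 22 reachable only from the admin subnet), and with `--apply` to load it. Because the policy is DROP, the order matters: the flag checks sit before the allowlist so that a malformed probe to an open port is still discarded, and the LOG rule sits last so only traffic that is about to be dropped is logged.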