If you set the policy of the INPUT and FORWARD chains to DROP and only allow connection to ports you need from IP's that need to access these ports, you're automagically protected against portscans. Iptables will drop all connections to ports you have not opened, and the scanner will not know anything about them. Any ports you have opened will be visible to scanners ofcourse.
-Sietse
________________________________
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx on behalf of Ruprecht Helms
Sent: Sat 05-Aug-06 9:14
To: Elvir Kuric
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: Preventing port scanning using iptables ?
Elvir Kuric schrieb:
> Hi all,
> I am trying to implement proper firewall to my
> network using iptables
> and I have to admit that I am amazing by amount of
> iptables features
> it offers.
> But I can not understand is there any way to prevent
> port scanning
> using iptables?
Yes by checking the tcp-flags. The connections are not established
because only the port is checked if it is reachabele.
Regards,
Ruprecht
-------------------------------------------------------------------
Ruprecht Helms IT-Service & Softwareentwicklung
let worktools be individual
Web: http://www.rheyn.de <http://www.rheyn.de/>
