Re: nftables equivalent for iptables -m recent

On 20/01/2020 14:48, Sig Pam wrote:
> Hello, world!
>
> I'd appreciate your help with the following issue on my Debian 10 system: converting the ruleset from iptables to nftables.
>
> I'm using iptables to blacklist incoming packets for a short while. If somebody tries to scan my host, his IP address gets blacklisted for ten minutes.
>
> The following rules are in use:
>
> […]
> iptables -A Enemies -m recent --name psc --update --seconds 600 -j DROP
> iptables -A Enemies -i eth0 -m tcp -p tcp --dport 1:21 -m recent --name psc --set -j PORTSCAN
> iptables -A Enemies -i eth0 -m tcp -p tcp --dport 23:24 -m recent --name psc --set -j PORTSCAN
> iptables -A Enemies -i eth0 -m tcp -p tcp --dport 26:79 -m recent --name psc --set -j PORTSCAN
> […]

This should do it:

table ip filter {
	# Source addresses seen probing; each element expires 10 minutes
	# after it was last added or refreshed from the packet path.
	set enemies {
		type ipv4_addr
		flags dynamic
		timeout 10m
	}

	chain portscan {
		# Equivalent of "-m recent --name psc --set": list the source.
		iifname "eth0" tcp dport { 1-21, 23-24, 26-79 } \
			update @enemies { ip saddr }
		# Log and drop anything from a listed source, the probe itself included.
		iifname "eth0" ip saddr @enemies log drop
	}

	# ...
}

See https://wiki.nftables.org/wiki-nftables/index.php/Updating_sets_from_the_packet_path.

--
Kerin Millar <kfm@xxxxxxxxxxxxx>
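As an added example (not part of Kerin Millar's reply or of the original poster's ruleset), here is a complete, loadable ruleset built around the same dynamic-set idea. It assumes eth0 is the external interface, that the original PORTSCAN chain logged and dropped, and that IPv6 should get the same treatment. It also keeps the semantics of the iptables `--update` rule, which refreshes the entry's timer on every packet from a listed address rather than only on a fresh port probe, and it shows where the check sits relative to a base chain:

```nft
#!/usr/sbin/nft -f
# Added example, not the ruleset from the reply above. Assumptions:
# eth0 is the external interface, the original PORTSCAN chain logged
# and dropped, and IPv6 should be handled the same way.

flush ruleset

table inet filter {
	# Sources that probed a low port. An element expires 10 minutes
	# after it was last added or refreshed from the packet path.
	set enemies4 {
		type ipv4_addr
		flags dynamic
		timeout 10m
	}

	set enemies6 {
		type ipv6_addr
		flags dynamic
		timeout 10m
	}

	chain portscan {
		# Equivalent of "-m recent --update --seconds 600 -j DROP":
		# any packet from a listed address refreshes its timer and is dropped.
		meta nfproto ipv4 ip saddr @enemies4 update @enemies4 { ip saddr } log prefix "portscan repeat: " drop
		meta nfproto ipv6 ip6 saddr @enemies6 update @enemies6 { ip6 saddr } log prefix "portscan repeat: " drop

		# Equivalent of "-m recent --set -j PORTSCAN" on the probed port ranges:
		# list the source and drop this first probe.
		meta nfproto ipv4 tcp dport { 1-21, 23-24, 26-79 } update @enemies4 { ip saddr } log prefix "portscan: " drop
		meta nfproto ipv6 tcp dport { 1-21, 23-24, 26-79 } update @enemies6 { ip6 saddr } log prefix "portscan: " drop
	}

	chain input {
		type filter hook input priority 0; policy drop;

		iif "lo" accept
		ct state established,related accept
		ct state invalid drop

		# Only new connection attempts arriving on the external interface
		# are checked against the blacklist. Dropped probes never become
		# established, so every retransmitted SYN is still "new".
		iifname "eth0" ct state new jump portscan

		# Services actually offered go below the check, e.g.
		tcp dport 22 accept
	}
}
```

Validate with `nft -c -f <file>` before loading it with `nft -f <file>`; `nft list set inet filter enemies4` shows each listed address with its remaining `expires` time. One caveat: do not put `limit rate` in front of the `log ... drop` in these rules to tame the logging, because packets beyond the limit would fail to match the rule and fall through instead of being dropped.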
