I've been writing a script for iptables for 2 days. Now it is time to post it. It has port scan detection, can tell you what the port scan type was, protects against SYN floods, and filters or completely stops ICMP traffic. You can easily open TCP and UDP ports (separately, by specifying them in certain variables). But there are also a lot of things missing: LOG and ICMP flood protection, ULOG support (as you can see in the sanity checks), blackholes for certain hosts, etc. The script itself is HERE.
So, could you review it and post any suggestions or corrections to it?
Suggestions about LOG and *good* ICMP flood protection would be REALLY appreciated!
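The two things the post asks for, ICMP flood protection and a LOG target that cannot be used to fill the disk, as an added example. This is not the poster's script and not code from the linked page; it is a small shell script that emits iptables rules in iptables-restore format so they can be inspected before being loaded. The chain names ICMP_IN and LOGDROP, the limits (5/s with a burst of 10 for echo-request, 3/min with a burst of 5 for logging) and the assumption that an earlier INPUT rule already accepts ESTABLISHED/RELATED traffic (so echo-reply to our own pings never reaches ICMP_IN) are all my choices, not something from the post.

```shell
#!/bin/sh
# Added example, not the original poster's iptables script.
# Emits rules for an ICMP rate limit and a rate-limited LOG+DROP chain.
# Assumed names/values (not from the post): chains ICMP_IN and LOGDROP,
# limit 5/s burst 10 for echo-request, limit 3/min burst 5 for logging.

# Rate-limited logging chain. Everything jumped here is logged at most
# 3 times per minute (after a burst of 5) and then dropped, so a flood
# cannot turn the LOG target into a disk-filling attack.
logdrop_rules() {
    cat <<'EOF'
:LOGDROP - [0:0]
-A LOGDROP -m limit --limit 3/min --limit-burst 5 -j LOG --log-prefix "FW-DROP: " --log-level 4
-A LOGDROP -j DROP
EOF
}

# ICMP chain. Error messages needed for path-MTU discovery and traceroute
# are always accepted; echo-request is accepted only under the rate limit
# and the excess (plus every other ICMP type) goes to LOGDROP.
# $1 = rate (e.g. 5/s), $2 = burst; both optional.
icmp_rules() {
    rate="${1:-5/s}"
    burst="${2:-10}"
    cat <<EOF
:ICMP_IN - [0:0]
-A ICMP_IN -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ICMP_IN -p icmp --icmp-type time-exceeded -j ACCEPT
-A ICMP_IN -p icmp --icmp-type parameter-problem -j ACCEPT
-A ICMP_IN -p icmp --icmp-type echo-request -m limit --limit $rate --limit-burst $burst -j ACCEPT
-A ICMP_IN -p icmp --icmp-type echo-request -j LOGDROP
-A ICMP_IN -p icmp -j LOGDROP
EOF
}

# Complete filter-table fragment in iptables-restore format. The INPUT
# rule assumes an earlier rule already accepts ESTABLISHED,RELATED
# packets, so only new inbound ICMP is inspected here.
ruleset() {
    printf '*filter\n'
    logdrop_rules
    icmp_rules "$@"
    printf -- '-A INPUT -p icmp -j ICMP_IN\n'
    printf 'COMMIT\n'
}

# Number of -A rules in the generated fragment; a cheap sanity check.
rule_count() {
    ruleset "$@" | grep -c '^-A'
}

# Usage: sh icmp_limit.sh         -> print the rules for review
#        sh icmp_limit.sh apply   -> load them (needs root); --noflush keeps
#                                    the rest of the filter table intact
case "${1:-print}" in
    apply) ruleset | iptables-restore --noflush ;;
    *)     ruleset ;;
esac
```

Two caveats a reviewer would want stated: `-m limit` is a single global bucket, so one noisy host can exhaust the allowance for everyone; if that matters, `-m hashlimit --hashlimit-mode srcip` gives a per-source bucket with the same `--hashlimit-upto`/`--hashlimit-burst` semantics. And because the script appends to INPUT, running `apply` twice adds a duplicate jump; load it once, or flush the chains first.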