Hello, my friend is working with Red Hat and is using ipchains for his firewall. I want to try to do this with iptables. When you try a portscan on his box, it will ignore you for like 24 hours. Anybody have any ideas on how to do this with iptables?

Secondly, how are these firewall rules? I can't remember the syntax off hand, but this is what I have in have iptables doing

Default Policies:
Incoming Drop
Forward Drop
Outgoing Allow

INPUT:
#Allows my Apache server:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#Allows my IRC server:
iptables -A INPUT -p tcp --dport 6667 -j ACCEPT
#Allows Internet Access
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#Don't waste bandwidth on telnet
iptables -A INPUT -p tcp --dport 23 -j DROP
#Don't waste bandwidth on ftp
iptables -A INPUT -p tcp --dport 21 -j DROP
#If it doesn't match a previous rule, let's log it
iptables -A INPUT -j LOG

Are you sure he's doing that ONLY with IPCHAINS?

I remember an article a while back (I don't have a link sorry) that featured a script that basically waited til ipchains output what the author interpreted as a hostile communication...then the script would add the IP of origin to the HOST.DENY file.

Maybe your friend is doing something like that? Adding the IP to host.deny and then every 24 hours clearing it out?

The could be. I mean I know he's using some kind of script WITH ipchains. I want to duplicate it for IPTables.

There is a programme called Portsentry I have used with ipchains...