Port Scan Detectors for IPTables
Hello, my friend is working with Red Hat and is using ipchains for his firewall. I want to try to do this with iptables. When you try a portscan on his box, it will ignore you for like 24 hours. Anybody have any ideas on how to do this with iptables?
Secondly, how are these firewall rules? I can't remember the syntax off hand, but this is what I have iptables doing:
Default Policies:
Incoming Drop
Forward Drop
Outgoing Allow
INPUT:
#Allows my Apache server:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#Allows my IRC server:
iptables -A INPUT -p tcp --dport 6667 -j ACCEPT
#Allows Internet Access
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#Don't waste bandwidth on telnet
iptables -A INPUT -p tcp --dport 23 -j DROP
#Don't waste bandwidth on ftp
iptables -A INPUT -p tcp --dport 21 -j DROP
#If it doesn't match a previous rule, let's log it
iptables -A INPUT -j LOG
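One way to get the 24-hour "ignore" with iptables, as an added example that is not part of the post: the recent match module records the source of every packet that hits a port nothing is listening on, and once a source has done that a few times every further packet from it is dropped until it has been quiet for a day. It assumes the poster's setup (external interface eth0, services on TCP 80 and 6667, INPUT policy DROP) and a kernel with the xt_recent module; the list name "scanners" and the thresholds are choices, not iptables defaults.

```shell
#!/bin/sh
# Added example (not from the post): ban hosts that probe closed ports,
# using iptables' "recent" match. Assumes the poster's setup: external
# interface eth0, services on TCP 80 and 6667, INPUT policy DROP.
IPT="${IPT:-iptables}"     # set IPT="echo iptables" to print instead of install
BAN_SECONDS=86400          # ignore a scanner for 24 hours, like the ipchains box
MIN_HITS=3                 # probes of closed ports before the ban kicks in
OPEN_TCP_PORTS="80 6667"   # Apache and IRC (from the post)

portscan_rules() {
    # 1. Sources already listed with MIN_HITS or more probes inside the window
    #    are dropped. --update refreshes the timestamp, so a scanner that keeps
    #    hammering stays banned until it has been quiet for BAN_SECONDS
    #    (use --rcheck instead for a fixed window from the last logged probe).
    $IPT -A INPUT -i eth0 -m recent --name scanners --update \
        --seconds "$BAN_SECONDS" --hitcount "$MIN_HITS" -j DROP

    # 2. Replies to our own connections, then the services we actually run.
    $IPT -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    for port in $OPEN_TCP_PORTS; do
        $IPT -A INPUT -i eth0 -p tcp --dport "$port" -j ACCEPT
    done

    # 3. Anything left is a packet to a port we do not serve: log it, record
    #    the source (--set always matches, so the DROP follows) and drop it.
    #    A stray ping counts as a hit too, which is why MIN_HITS is above 1.
    $IPT -A INPUT -i eth0 -j LOG --log-prefix "portscan: "
    $IPT -A INPUT -i eth0 -m recent --name scanners --set -j DROP
}

case "${1:-}" in
    apply) portscan_rules ;;                        # install (needs root)
    *)     IPT="echo iptables"; portscan_rules ;;   # default: dry run
esac
```

Run it with no arguments to print the rules, with `apply` as root to install them; the addresses currently on the list can be read from /proc/net/xt_recent/scanners, and the list holds 100 entries by default (the ip_list_tot module parameter).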