free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Mitigate port scanning

This commit is contained in:
Bob Mottram 2018-04-14 13:23:34 +01:00
parent 4cad482b5f
commit ff31ff6961
2 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/freedombone-utils-firewall
View File

@ -465,6 +465,33 @@ function firewall_add_range {
fi
}
function firewall_handle_port_scans {
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
return
fi
# only works for high frequency port scanning
# flooding of RST packets, smurf attack Rejection
iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
# Protecting portscans
# Attacking IP will be locked for 24 hours (3600 x 24 = 86400 Seconds)
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
# Remove attacking IP after 24 hours
iptables -A INPUT -m recent --name portscan --remove
iptables -A FORWARD -m recent --name portscan --remove
# These rules add scanners to the portscan list, and log the attempt.
iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
save_firewall_settings
mark_completed "${FUNCNAME[0]}"
}
function firewall_remove {
firewall_port=$1

3
src/freedombone-utils-setup
View File

@ -700,6 +700,9 @@ function setup_firewall {
function_check configure_firewall_ping
configure_firewall_ping
function_check firewall_handle_port_scans
firewall_handle_port_scans
function_check firewall_drop_telnet
firewall_drop_telnet