diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index bacc488d..fc1ff62f 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -465,6 +465,33 @@ function firewall_add_range {
 fi
 }
+function firewall_handle_port_scans {
+ if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
+ return
+ fi
+ # only works for high frequency port scanning
+
+ # flooding of RST packets, smurf attack Rejection
+ iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
+
+ # Protecting portscans
+ # Attacking IP will be locked for 24 hours (3600 x 24 = 86400 Seconds)
+ iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
+ iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
+
+ # Remove attacking IP after 24 hours
+ iptables -A INPUT -m recent --name portscan --remove
+ iptables -A FORWARD -m recent --name portscan --remove
+
+ # These rules add scanners to the portscan list, and log the attempt.
+ iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
+ iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
+
+ iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
+ iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
+ save_firewall_settings
+ mark_completed "${FUNCNAME[0]}"
+}
 function firewall_remove {
 firewall_port=$1
diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index 1836db2a..fd208d61 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -700,6 +700,9 @@ function setup_firewall {
 function_check configure_firewall_ping
 configure_firewall_ping
+ function_check firewall_handle_port_scans
+ firewall_handle_port_scans
+
 function_check firewall_drop_telnet
 firewall_drop_telnet
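Review bot: The two `-m recent --name portscan --rcheck --seconds 86400 -j DROP` rules in firewall_handle_port_scans are appended with `-A`, so they land behind whatever ACCEPT rules INPUT and FORWARD already hold; if the service ports were opened earlier in the chain (as the neighbouring `firewall_add_range`/`firewall_add` helpers presumably do), a banned address still reaches every open service and the 24-hour lock only covers ports that were closed anyway — these two rules should be inserted at the head of the chain (`-I INPUT 1`, `-I FORWARD 1`), or directly after an ESTABLISHED,RELATED accept if the chain has one. The RST rule only ACCEPTs the limited rate and has no matching DROP, so whether excess RSTs are actually discarded depends on the chain's default policy, which this hunk does not set. The two `--set -j LOG` rules are unrated, so a SYN flood against tcp/139 doubles as a log flood, and because one spoofed SYN to 139 is enough to ban its apparent source from all ports for a day, the trip-wire should at least exclude `lo` and the networks an administrator connects from. The comment `# only works for high frequency port scanning` misdescribes the mechanism and should read `# trip-wire: a single TCP packet to port 139 bans the source for 24h on all ports`; only iptables is touched here, so if the file manages ip6tables elsewhere the same rules are needed there too.
```shell
function firewall_handle_port_scans {
    # … unchanged: is_completed guard …

    # Rate-limit RST floods; the trailing DROP is what actually discards the excess
    # (redundant only if INPUT's default policy is already DROP).
    iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -j DROP

    # Insert at the head of the chain so the 24h ban precedes any ACCEPT for open ports.
    iptables -I INPUT 1 -m recent --name portscan --rcheck --seconds 86400 -j DROP
    iptables -I FORWARD 1 -m recent --name portscan --rcheck --seconds 86400 -j DROP

    # … unchanged: --remove rules …

    # Trip-wire on tcp/139: skip loopback and rate-limit the LOG so a SYN flood cannot fill the log.
    iptables -A INPUT ! -i lo -p tcp -m tcp --dport 139 -m recent --name portscan --set -m limit --limit 5/min -j LOG --log-prefix "portscan:"
    iptables -A INPUT ! -i lo -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
    # … unchanged: FORWARD trip-wire rules, save_firewall_settings, mark_completed …
```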