iptables Timed Port Block?
From: Tantor (tantor@tantor1.yi.org)
Date: 02/27/03
From: "Tantor" <tantor@tantor1.yi.org> Date: Thu, 27 Feb 2003 16:08:51 GMT
Hey all
I'm kind of a newbie to Linux, so sorry if this question is too simple.
Basically this is what I have set up. I have a computer running Red Hat 7.3
set up to be a firewall for my network using masquerading in iptables.
Currently I have it set up to block all external connections to the firewall
unless they are established or related internally, except for an FTP port
(off port 21) that accepts new, established and related connections that
forward off to another computer on my network, and the same deal with the
web port (port 80).
What I want to be able to do is open port 21 and as soon as a computer scans
that port I want something that reads its IP and drops all further packets
from that person for x amount of time. Since nothing is using port 21, if
something does scan it then I have to assume that it's for an attack of
some kind, so I figure it would be a good idea to just block everything from
that IP for a while.
Is it possible to do that, or is there maybe a better solution? I've tried
looking on Google, but haven't really found anything that helped me much.
Thanks for any help you guys can provide
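
The trap-port setup described in the message above can be expressed with the iptables `recent` match; the following is an added example, not part of the original post or thread. It assumes the `recent` match is available in the running kernel (older kernels may need it added), and the list name `trap`, the function names and the rule positions are illustrative choices.

```shell
#!/bin/sh
# Added example: build the rule set for a "trap port" with a timed block.
# Assumes the iptables "recent" match is available; the list name and
# chain positions below are illustrative choices, not from the post.

LIST=trap   # hypothetical name for the recent-match address list

# Print the iptables commands for trap port $1 and block time $2 (seconds).
# Returns 1 without printing any rule if either argument is invalid.
trap_rules() {
    port=$1 secs=$2
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    case "$secs" in ''|*[!0-9]*) echo "bad seconds: $secs" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    [ "$secs" -ge 1 ] || { echo "seconds must be > 0" >&2; return 1; }

    # 1. Drop anything from a listed source, to the firewall or through it.
    #    Inserted at position 1 so it runs before any ESTABLISHED,RELATED accept.
    #    --rcheck blocks for $secs counted from the trap hit; --update would
    #    instead restart the timer on every packet the blocked host sends.
    for chain in INPUT FORWARD; do
        echo "iptables -I $chain 1 -m recent --name $LIST --rcheck --seconds $secs -j DROP"
    done
    # 2. A new connection to the unused trap port lists the source and is dropped.
    echo "iptables -I INPUT 2 -p tcp --dport $port -m state --state NEW -m recent --name $LIST --set -j DROP"
}

# Print the rules by default; apply them only when the third argument is "apply".
main() {
    rules=$(trap_rules "$1" "$2") || return 1
    if [ "$3" = apply ]; then echo "$rules" | sh -e; else echo "$rules"; fi
}

# Example: ./trapport.sh 21 600        (print rules for a 10-minute block)
if [ $# -ge 2 ]; then main "$@"; fi
```

A single packet with a forged source address is enough to list that address, so keep the block time short and place accept rules for hosts you depend on ahead of the `--rcheck` rule.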