Hello Lynwood et al.
Amongst many other iptables rules I use the following:
-A INPUT -m recent --rcheck --seconds 86400 --name portscan --mask 255.255.255.255 --rsource -j DROP
-A INPUT -m recent --remove --name portscan --mask 255.255.255.255 --rsource
-A INPUT -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j LOG --log-prefix "[PORT SCAN BLOCK]:"
-A INPUT -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j DROP
...
-A FORWARD -m recent --rcheck --seconds 86400 --name portscan --mask 255.255.255.255 --rsource -j DROP
-A FORWARD -m recent --remove --name portscan --mask 255.255.255.255 --rsource
-A FORWARD -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j LOG --log-prefix "[PORT SCAN BLOCK]:"
-A FORWARD -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j DROP
The above rules, together with fail2ban, effectively block/unblock
portscan attempts for a predefined period of time, here 86400 seconds.
Best regards.
Tom - SP2L
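
Added example, not part of the original message: a simplified Python model of how the four INPUT rules above drive the `recent` list named portscan (the FORWARD rules behave the same way). The class, function names and sample addresses are constructed for illustration; the model shows that `--rcheck` does not refresh the timestamp, so the block ends 86400 seconds after the packet that hit port 139.

```python
# Simplified model of the xt_recent "portscan" list as used by the INPUT rules
# in the message above. Added illustration; not the kernel implementation.
BLOCK_SECONDS = 86400   # --seconds 86400
TRAP_PORT = 139         # --dport 139


class PortscanList:
    def __init__(self):
        self.last_seen = {}  # source address -> time of last --set

    def input_chain(self, src, dport, now):
        """Walk the four INPUT rules for one TCP packet; return (verdict, log)."""
        log = []
        # Rule 1: --rcheck --seconds 86400 -j DROP
        # --rcheck only reads the entry; it does not refresh the timestamp.
        seen = self.last_seen.get(src)
        if seen is not None and now - seen < BLOCK_SECONDS:
            return "DROP", log
        # Rule 2: --remove (no target): delete a stale entry, keep going.
        self.last_seen.pop(src, None)
        # Rules 3 and 4: --dport 139 --set, first -j LOG, then -j DROP.
        if dport == TRAP_PORT:
            self.last_seen[src] = now
            # Stand-in for the kernel log line; only the prefix is from the rule.
            log.append(f"[PORT SCAN BLOCK]: SRC={src} DPT={dport}")
            return "DROP", log
        # No portscan rule matched; later rules in the chain decide.
        return "CONTINUE", log


def replay(packets):
    """Run constructed (time, src, dport) tuples through the chain."""
    table = PortscanList()
    return [table.input_chain(src, dport, t)[0] for t, src, dport in packets]


# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE = [
    (0,     "192.0.2.10",   22),   # not listed yet
    (10,    "192.0.2.10",   139),  # touches trap port: listed, logged, dropped
    (20,    "192.0.2.10",   22),   # every port is now dropped
    (86000, "192.0.2.10",   443),  # still inside the window; no refresh
    (86420, "192.0.2.10",   22),   # 86410 s after the --set: entry removed
    (86430, "198.51.100.7", 80),   # unrelated source is never affected
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(pkt, verdict)
```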