On Monday 26 May 2003 18:01, Ruprecht Helms wrote:
> Hi,
> how do I write an iptables rule to protect my box against portscanning with tools like nmap?
> Regards, Ruprecht
You can make it more difficult for them, forcing them to spend more time scanning ports and making the results of the port scan less clear. Might not always be possible, of course. If you offer public services (like a web server), a firewall won't protect you much against exploits against the web server. A script kiddie wanting to use an SSL exploit on an Apache server might just scan for port 80/443, and if you offer those services to the public, there is not much to do about the scan as such.

The author of the book "Linux Firewalls, 2nd ed." has a website, http://linux-firewall-tools.com/linux/, where you may find the iptables rules he used in his book, as well as links to other resources. In his scripts you'll find example iptables rules to stop common types of "stealth scans".

One place to put such rules in SuSEfirewall2 is the file /etc/sysconfig/scripts/SuSEfirewall2-custom, at least to have some logging of scans as such.

Cheers,
Sigfred
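As an added illustration of the "stealth scan" rules Sigfred points to (this is not code from the thread, from the Linux Firewalls book, or from SuSEfirewall2), the script below generates iptables rules that log and drop TCP packets carrying flag combinations no legitimate connection produces: NULL, XMAS, all-flags, SYN+FIN, SYN+RST and bare-FIN probes, plus new connections that do not start with a SYN. The chain name, log prefix and log rate limit are my own choices. The rules are emitted as text by default so they can be reviewed or pasted into a script such as SuSEfirewall2-custom; they are only executed when run as root with the argument apply.

```shell
#!/bin/sh
# Added example: iptables rules against TCP "stealth scan" probes.
# Chain name, log prefix and rate limit are assumptions, not from the thread.

CHAIN="STEALTH_SCAN"          # assumed chain name
LOG_PREFIX="stealth-scan: "   # assumed log prefix (kept under the 29-char limit)
LOG_LIMIT="5/min"             # rate-limit LOG so a scan cannot flood syslog

# One "label|mask|comp" line per probe type, in the form iptables expects for
# --tcp-flags MASK COMP: examine the flags in MASK, match if exactly COMP is set.
scan_signatures() {
    printf '%s\n' \
        'NULL|ALL|NONE' \
        'XMAS|ALL|FIN,PSH,URG' \
        'ALLFLAGS|ALL|ALL' \
        'SYNFIN|SYN,FIN|SYN,FIN' \
        'SYNRST|SYN,RST|SYN,RST' \
        'FINONLY|FIN,ACK|FIN'
}

# Emit the iptables commands as text: a dedicated chain, a rate-limited LOG
# and a DROP per signature, a catch for non-SYN "new" connections, and a
# jump from INPUT into the chain.
stealth_scan_rules() {
    echo "iptables -N $CHAIN"
    scan_signatures | while IFS='|' read -r label mask comp; do
        echo "iptables -A $CHAIN -p tcp --tcp-flags $mask $comp -m limit --limit $LOG_LIMIT -j LOG --log-prefix \"$LOG_PREFIX$label \""
        echo "iptables -A $CHAIN -p tcp --tcp-flags $mask $comp -j DROP"
    done
    # A new connection must begin with a bare SYN; anything else is a probe.
    echo "iptables -A $CHAIN -p tcp ! --syn -m state --state NEW -m limit --limit $LOG_LIMIT -j LOG --log-prefix \"${LOG_PREFIX}NOSYN \""
    echo "iptables -A $CHAIN -p tcp ! --syn -m state --state NEW -j DROP"
    echo "iptables -I INPUT 1 -p tcp -j $CHAIN"
}

# Number of commands that would be run (sanity check before applying).
rule_count() {
    stealth_scan_rules | wc -l | tr -d ' '
}

# Dry-run by default; install the rules only as root with "apply".
if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
    stealth_scan_rules | sh
else
    stealth_scan_rules
fi
```

These rules do what the reply describes and no more: they make flag-trick scans noisy in the logs and stop them from eliciting replies, but a plain SYN scan of a port you serve publicly still looks like a normal connection attempt and will still find the service.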