# RouterOS firewall rules: port-scan detection and blocking.
# Presumably pasted from an `/ip firewall filter` export (chain=input/forward,
# action=drop are filter-table attributes) -- confirm the enclosing path before
# importing. Backslash-newline pairs are export line wrapping and must stay
# intact (a wrapped `protocol=\` continues on the next line as `tcp`).
#
# Structure, in rule order (order is significant in a filter chain):
#   1. Two drop rules reject any source already on the address list
#      `port_scanners`, for traffic to the router (input) and through it (forward).
#   2. Paired input/forward detection rules add the packet source to
#      `port_scanners` for 1 day (address-list-timeout=1d) when a TCP segment
#      carries a flag combination that does not occur in a normal handshake:
#      FIN only, SYN+FIN, SYN+RST, FIN+PSH+URG only, all six flags, or no flags.
#   3. Every detection rule exempts sources on `do_not_blacklist`
#      (src-address-list=!do_not_blacklist). The two drop rules carry no such
#      exemption; they rely on the exemption having kept those sources off
#      the list in the first place.
#
# NOTE(review): listing is triggered by a single segment's flags, and the
# source address of such a segment is attacker-controlled. Populate
# `do_not_blacklist` with addresses whose loss for a day would hurt
# (upstream gateway, resolvers, monitoring hosts) -- verify it is maintained.
# NOTE(review): nothing here limits the detection rules to an outside
# interface; whether LAN sources should also be listed is a policy decision --
# confirm intent. A `psd` matcher could complement these flag rules if
# connect()-style scans also need coverage; not present here.

# Drop anything from a source already identified as a scanner (router-bound).
add action=drop chain=input comment="BLOCK PORT SCAN - Drop Port scanners" src-address-list=port_scanners
# Same for transit traffic.
add action=drop chain=forward comment="BLOCK PORT SCAN - Drop Port scanners" src-address-list=port_scanners
# FIN set, all other flags clear (FIN "stealth" probe); listed for 1d.
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="-- BLOCK PORT SCAN - NMAP FIN Stealth scan" \
protocol=tcp src-address-list=!do_not_blacklist tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=forward comment="-- BLOCK PORT SCAN - NMAP FIN Stealth scan" \
protocol=tcp src-address-list=!do_not_blacklist tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
# SYN and FIN both set (other flags unconstrained).
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="-- BLOCK PORT SCAN - SYN/FIN scan" protocol=tcp \
src-address-list=!do_not_blacklist tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=forward comment="-- BLOCK PORT SCAN - SYN/FIN scan" protocol=\
tcp src-address-list=!do_not_blacklist tcp-flags=fin,syn
# SYN and RST both set (other flags unconstrained).
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="-- BLOCK PORT SCAN - SYN/RST scan" protocol=tcp \
src-address-list=!do_not_blacklist tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=forward comment="-- BLOCK PORT SCAN - SYN/RST scan" protocol=\
tcp src-address-list=!do_not_blacklist tcp-flags=syn,rst
# FIN+PSH+URG set with SYN, RST and ACK clear ("Xmas" probe).
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="-- BLOCK PORT SCAN - FIN/PSH/URG scan" \
protocol=tcp src-address-list=!do_not_blacklist tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=forward comment="-- BLOCK PORT SCAN - FIN/PSH/URG scan" \
protocol=tcp src-address-list=!do_not_blacklist tcp-flags=fin,psh,urg,!syn,!rst,!ack
# All six flags set at once.
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="-- BLOCK PORT SCAN - ALL/ALL scan" protocol=tcp \
src-address-list=!do_not_blacklist tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=forward comment="-- BLOCK PORT SCAN - ALL/ALL scan" protocol=\
tcp src-address-list=!do_not_blacklist tcp-flags=fin,syn,rst,psh,ack,urg
# No flags set at all (NULL probe).
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=input comment="-- BLOCK PORT SCAN - NMAP NULL scan" protocol=\
tcp src-address-list=!do_not_blacklist tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=1d chain=forward comment="-- BLOCK PORT SCAN - NMAP NULL scan" \
protocol=tcp src-address-list=!do_not_blacklist tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg