I took this command from demo2.mt.lv:
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
I have read the documentation already but it doesn't have enough information, so:
What exactly does psd do?
What does 21,3s,3,1 mean?
From Netfilter.org:
3.12 psd patch
This patch by Dennis Koslowski <dkoslowski@astaro.de> adds a new match that will attempt to detect port scans.
In its simplest form, psd match can be used as follows:
iptables -A INPUT -m psd -j DROP
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1
Supported options for psd match are:
[--psd-weight-threshold threshold]
-> Portscan detection weight threshold
[--psd-delay-threshold delay]
-> Portscan detection delay threshold
[--psd-lo-ports-weight lo]
-> Privileged ports weight
[--psd-hi-ports-weight hi]
-> High ports weight
Values here match the MT documentation, with the exception of Delay Threshold, which is 300 here and 3s in the MT documentation.
I'd suggest a review of the web documentation for IPTABLES and PSD for more information.
Regards
Andrew
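To make the four numbers concrete, here is an added simulation of how psd-style weighting behaves with the values from the rule above (21 weight threshold, 3 s delay threshold, weight 3 for ports below 1024, weight 1 for ports 1024 and up). This is my own illustrative model, not code from MikroTik, Netfilter or the psd patch: it assumes that each distinct destination port a source touches adds its weight, that the count resets when more than the delay threshold passes between two packets from the same source, and that a packet matches (and would be dropped) once the accumulated weight reaches the threshold. The real kernel match may differ in details. The source addresses, ports and timestamps are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed parameters, matching the thread's rule: psd=21,3s,3,1
WEIGHT_THRESHOLD = 21   # total weight at which a source is treated as scanning
DELAY_THRESHOLD = 3.0   # seconds allowed between two packets from one source
LO_PORTS_WEIGHT = 3     # weight for a new privileged port (< 1024)
HI_PORTS_WEIGHT = 1     # weight for a new high port (>= 1024)


@dataclass
class SourceState:
    """Per-source tracking: last packet time, accumulated weight, ports seen."""
    last_seen: float
    weight: int = 0
    ports: set = field(default_factory=set)


class PortScanDetector:
    """Simplified model (an assumption, not the kernel code) of the psd match."""

    def __init__(self, weight_threshold=WEIGHT_THRESHOLD, delay_threshold=DELAY_THRESHOLD,
                 lo_weight=LO_PORTS_WEIGHT, hi_weight=HI_PORTS_WEIGHT):
        self.weight_threshold = weight_threshold
        self.delay_threshold = delay_threshold
        self.lo_weight = lo_weight
        self.hi_weight = hi_weight
        self.state = {}

    def observe(self, src, dst_port, ts):
        """Record one TCP connection attempt; return True if it matches (would be dropped)."""
        st = self.state.get(src)
        # Too long since the last packet from this source: forget the old burst.
        if st is None or ts - st.last_seen > self.delay_threshold:
            st = SourceState(last_seen=ts)
            self.state[src] = st
        st.last_seen = ts
        # Only a port not yet seen in this burst adds weight; repeats are free.
        if dst_port not in st.ports:
            st.ports.add(dst_port)
            st.weight += self.lo_weight if dst_port < 1024 else self.hi_weight
        return st.weight >= self.weight_threshold


def run(events, **params):
    """Feed (src, dst_port, timestamp) events; return {src: index of first matching packet}."""
    det = PortScanDetector(**params)
    flagged = {}
    for i, (src, port, ts) in enumerate(events):
        if det.observe(src, port, ts) and src not in flagged:
            flagged[src] = i
    return flagged


# Constructed sample traffic.
# A fast sweep of privileged ports: 7 distinct ports * 3 = 21 on the 7th packet.
SCAN_EVENTS = [("10.0.0.5", p, 100.0 + 0.1 * i)
               for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445])]
# The same ports probed 4 s apart: every packet starts a fresh burst, never matches.
SLOW_SCAN_EVENTS = [("10.0.0.7", p, 300.0 + 4.0 * i)
                    for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445])]
# A normal client: a couple of web ports, repeated connections, then a pause.
LEGIT_EVENTS = [("10.0.0.9", 80, 200.0), ("10.0.0.9", 443, 200.5),
                ("10.0.0.9", 80, 201.0), ("10.0.0.9", 443, 210.0)]
# High ports only: 21 distinct ports * 1 are needed before the threshold is reached.
HIGH_PORT_SCAN_EVENTS = [("10.0.0.11", 1024 + i, 400.0 + 0.05 * i) for i in range(25)]

if __name__ == "__main__":
    for name, ev in [("fast low-port scan", SCAN_EVENTS), ("slow scan", SLOW_SCAN_EVENTS),
                     ("legit client", LEGIT_EVENTS), ("high-port scan", HIGH_PORT_SCAN_EVENTS)]:
        print(f"{name}: first matching packet index per source = {run(ev)}")
```

The weights explain why the rule counts privileged ports three times as heavily: seven distinct low ports inside the 3 s window is enough to match, whereas a high-port sweep needs 21 distinct ports. The slow-scan case also shows the limit of the delay threshold: a probe that waits longer than the threshold between ports never accumulates weight in this model, so psd is a cheap filter for noisy scans rather than a complete defence.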
Does anybody know why the PSD parameter isn't present in the IPv6 firewall?