hi guys, is there a script that can send me an email when an attack on the doors comes?
thank you all

How do you detect that your router is attacked?

I put port scanner rules, when it finds an ip that scans ports, it blocks ip that generated the scan for 30 days

So you need in the script check if address-list which you use to block IPs is empty or not and then send an e-mail.

exactly, maybe even with the list of blocked ips.
is this possible?

I put port scanner rules, when it finds an ip that scans ports, it blocks ip that generated the scan for 30 days

what rules do you use for port scanners ?

I use these rules together with other filters

add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no