0 votes
How to block port scan with nmap? I'm working on a lab, which requires blocking port scans with nmap but I can not do it.

I did implement the iptables log with the command below but did not notice the port scan log.

iptables -I INPUT 1 -j LOG
iptables -I FORWARD 1 -j LOG
iptables -I OUTPUT 1 -j LOG
iptables -t nat -I PREROUTING 1 -j LOG
iptables -t nat -I POSTROUTING 1 -j LOG
iptables -t nat -I OUTPUT 1 -j LOG
service iptables save

View log: tail -f /var/log/messages
Wednesday, November 14 2018, 11:56 AM
Share this post:
Responses (1)
  • Accepted Answer

    Wednesday, November 14 2018, 12:31 PM - #Permalink
    0 votes
    ClearOS does not use "iptables-save". Also any commands you use at the command line get wiped when ClearOS restarts.
    Are you using ClearOS with a firewall? If so and assuming ClearOS 7,x, please install the Custom Firewall module and add your rules there, changing "iptables" to "$IPTABLES". Logging goes to /var/log/messages.

    I split my messages out with a configlet in /etc/rsyslog.d:
    # Split out Firewall messages
    if $programname == 'kernel' and $msg contains 'IN=' and $msg contains 'OUT=' then -/var/log/firewall
    & stop
    Note your logs will be huge so you need to remember to add a logrotate function if you split out the logging. Also you can just watch the INPUT chain and prehaps reduce it even further with:
    -m state --state NEW
    in your rules. You may want to miss out the "1" as that is the default when inserting rules.

    What I don't understand is that ClearOS blocks unsolicited traffic anyway, unless explicitly allowed in the incoming firewall.
    The reply is currently minimized Show
Your Reply