How to block port scan with nmap?
I'm working on a lab, which requires blocking port scans with nmap, but I cannot do it.
I did implement the iptables log with the command below but did not notice the port scan log.
iptables -I INPUT 1 -j LOG
iptables -I FORWARD 1 -j LOG
iptables -I OUTPUT 1 -j LOG
iptables -t nat -I PREROUTING 1 -j LOG
iptables -t nat -I POSTROUTING 1 -j LOG
iptables -t nat -I OUTPUT 1 -j LOG
service iptables save
View log: tail -f /var/log/messages
Responses (1)
Accepted Answer
ClearOS does not use "iptables-save". Also any commands you use at the command line get wiped when ClearOS restarts.
Are you using ClearOS with a firewall? If so, and assuming ClearOS 7.x, please install the Custom Firewall module and add your rules there, changing "iptables" to "$IPTABLES". Logging goes to /var/log/messages.
I split my messages out with a configlet in /etc/rsyslog.d:
# Split out Firewall messages
if $programname == 'kernel' and $msg contains 'IN=' and $msg contains 'OUT=' then -/var/log/firewall
& stop
Note your logs will be huge so you need to remember to add a logrotate function if you split out the logging. Also you can just watch the INPUT chain and perhaps reduce it even further with:
-m state --state NEW
in your rules. You may want to miss out the "1" as that is the default when inserting rules.
What I don't understand is that ClearOS blocks unsolicited traffic anyway, unless explicitly allowed in the incoming firewall.
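Once the LOG rules above are writing to /var/log/messages (or to the split-out /var/log/firewall), a port scan shows up as one source address touching many destination ports in a short time. The following is an added example, not part of the original posts, that flags such sources. The function names, thresholds, assumed year and sample lines are all constructed for illustration, and the line layout assumed is the usual syslog timestamp followed by the kernel's KEY=value fields.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs written by -j LOG
ASSUMED_YEAR = 2024  # assumption: syslog timestamps carry no year

def find_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Return {source IP: most distinct destination ports seen inside one window}."""
    events = defaultdict(list)                 # src -> [(time, dport), ...]
    for line in lines:
        f = dict(FIELD_RE.findall(line))
        # Keep inbound packets only: INPUT-chain lines have a non-empty IN=.
        if "kernel:" not in line or not f.get("IN") or not f.get("SRC"):
            continue
        if not f.get("DPT", "").isdigit():
            continue                           # e.g. ICMP lines carry no DPT
        try:
            when = datetime.strptime(f"{ASSUMED_YEAR} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue                           # not a classic syslog timestamp
        events[f["SRC"]].append((when, int(f["DPT"])))
    scanners = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1                     # slide the window forward
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                scanners[src] = max(len(ports), scanners.get(src, 0))
    return scanners

def _line(sec, src, dpt, inif="eth0", outif=""):
    return (f"Mar  3 10:15:{sec:02d} gw kernel: IN={inif} OUT={outif} SRC={src} "
            f"DST=192.0.2.10 LEN=44 PROTO=TCP SPT=40000 DPT={dpt} SYN")

# Constructed sample, not captured traffic: one fast scan, one normal client,
# one slow multi-port source, and one outbound packet (empty IN=).
SAMPLE = (
    [_line(s, "203.0.113.5", p) for s, p in enumerate((21, 22, 23, 25, 80, 443), 1)]
    + [_line(s, "198.51.100.7", 443) for s in (2, 20, 40)]
    + [_line(s, "198.51.100.9", p) for s, p in zip((0, 15, 30, 45, 59), (21, 22, 23, 25, 80))]
    + [_line(3, "192.0.2.10", 53, inif="", outif="eth0")]
)

if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE).items():
        print(f"{src}: {count} distinct ports within 10 s")
```

To run it against a real log, pass an open file object for /var/log/messages or /var/log/firewall as `lines`; a wider `window` also catches slower scans at the cost of more false positives.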