Linux Today: Linux News On Internet Time.

10 iptables rules to help secure your Linux box

Feb 20, 2009, 15:31
(Other stories by Jack Wallen)

"8: iptables -N port-scan

"This is the beginning of a rule to block furtive port scanning. A furtive port scan is a scan that detects closed ports to deduce open ports. Two more lines are needed to complete this rule:

"iptables -A port-scan -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
iptables -A port-scan -j DROP

"Notice that the above rule set is adding a new chain called "port-scan". You don't have to name it such; it's just easier to keep things organized. You can also add timeouts to the above rule set like so:

"iptables -A specific-rule-set -p tcp --syn -j syn-flood
iptables -A specific-rule-set -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j port-scan
