How can I use iptable rules to prevent port scanning like Hping and nmap?

Question

I want to add some rules to my iptables to prevent port scanning, how can I do this?
I find some solution but it's not efficient.

Port canning solution

score 3 · Answer 1 · answered Mar 11 '11 at 14:46

The best bet is having a default drop policy in iptables and then only allowing what's required. Something like:

# Drop all packets by default.
iptables -P INPUT DROP
# Allow preexisting connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow SSH from 192.0.2.0/24
iptables -A INPUT -p tcp -s 192.0.2.0/24 --destination-port 22 -i eth0 -j ACCEPT
# Allow HTTP from all
iptables -A INPUT -p tcp --destination-port 80 -i eth0 -j ACCEPT

It won't stop people from doing portscans, but it will mean that all they'll see is port 80 open.

score 0 · Answer 2 · edited Apr 13 '17 at 12:14

0

For nmap port scanning, you can check the following answer: iptables Tips & Tricks

I'm not familiar with Hping, but if Hping uses NULLflags, the answer I've linked above should also work.

edited Apr 13 '17 at 12:14

Community

1

answered Mar 11 '11 at 14:45

pepoluan

5,248

How can I use iptable rules to prevent port scanning like Hping and nmap?

2 Answers2