Write rule to a virtual interface
Hello list!
I stop SYN and stealth scans with:
iptables -A INPUT -i eth1 -p tcp --tcp-flags ALL NONE -j DROP
iptables -A FORWARD -i eth1 -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -i eth1 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A FORWARD -i eth1 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -i eth1 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A FORWARD -i eth1 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -i eth1 -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A FORWARD -i eth1 -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -i eth1 -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A FORWARD -i eth1 -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -i eth1 -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A FORWARD -i eth1 -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -i eth1 -p tcp --tcp-flags ACK,URG URG -j DROP
iptables -A FORWARD -i eth1 -p tcp --tcp-flags ACK,URG URG -j DROP
but if someone stealth/SYN scans a VIRTUAL interface on the firewall, i.e.
eth1:1 (which DNATs to a webserver running behind the firewall), they can
scan it no problem. I've tried using:
-i eth1:1 but I get:
Warning: weird character in interface `eth1:1' (No aliases, :, ! or *).
Is there any way to write a rule to a virtual interface or any ideas on
how to stop stealth/syn portscans going to servers behind the firewall?
Thanks,
Ryan
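One way to express the same bogus-flag checks for an alias address, added here as an example and not taken from Ryan's message: netfilter only knows real devices, so eth1:1 cannot be named with -i, but the address the alias carries can be matched with -d on the base device. The addresses 192.0.2.10 (the alias on eth1:1) and 10.0.0.5 (the DNAT target) are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. netfilter only knows real devices:
# eth1:1 is a second address on eth1, so the alias is targeted by address (-d),
# not by interface name. Addresses are placeholders: 192.0.2.10 is the alias
# address on eth1:1, 10.0.0.5 the web server it is DNATed to.

# Strip an alias suffix: iptables -i accepts eth1, never eth1:1.
base_iface() {
    case "$1" in
        *:*) printf '%s\n' "${1%%:*}" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# Print the same bogus-flag DROP rules as the post for TABLE/CHAIN,
# restricted to packets arriving on IFACE for destination DST.
stealth_rules() {
    table=$1; chain=$2; iface=$(base_iface "$3"); dst=$4
    for spec in "ALL NONE" "SYN,FIN SYN,FIN" "SYN,RST SYN,RST" "FIN,RST FIN,RST" \
                "ACK,FIN FIN" "ACK,PSH PSH" "ACK,URG URG"; do
        printf 'iptables -t %s -A %s -i %s -d %s -p tcp --tcp-flags %s -j DROP\n' \
            "$table" "$chain" "$iface" "$dst" "$spec"
    done
}

# Rule set for one alias that is DNATed to an internal server.
# The nat PREROUTING DNAT rewrites the destination before FORWARD runs, so a
# FORWARD rule must name the internal address. mangle PREROUTING runs before
# nat PREROUTING, so there the alias address is still visible. Either
# placement catches the packet; both are emitted here for comparison.
alias_ruleset() {
    iface=$1; alias_ip=$2; server_ip=$3
    stealth_rules mangle PREROUTING "$iface" "$alias_ip"
    stealth_rules filter FORWARD "$iface" "$server_ip"
}

# Print the rules for the alias instead of applying them, so they can be reviewed.
alias_ruleset eth1:1 192.0.2.10 10.0.0.5
```

Note that plain SYN scans use ordinary SYN packets, so none of these flag combinations will match them; only the malformed-flag probes (NULL, XMAS, FIN-only and so on) are dropped.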