Configure the tracking of port blocks logged by iptables to syslog.
juggernaut --task=lfd:tracking:portscan
Option | Value | Default | Description |
---|---|---|---|
--PS_INTERVAL | <0\|60-3600> | 0 | If an IP address generates a port block that is logged more than PS_LIMIT within PS_INTERVAL seconds, the IP address will be blocked. To disable this option set to 0. |
--PS_LIMIT | <2-20> | 10 | If an IP address generates a port block that is logged more than PS_LIMIT within PS_INTERVAL seconds, the IP address will be blocked. |
--PS_PORTS | <string> | 0:65535,ICMP | The ports / port ranges that should be tracked by the Port Scan Tracking feature. |
--PS_DIVERSITY | <1-100> | 1 | How many different ports qualify as a port scan. Raising this value above 1 means that persistent attempts to attack a specific closed port will not be detected and blocked. |
--PS_PERMANENT | <1\|0> | 0 | Make port scan tracking blocks permanent. |
--PS_BLOCK_TIME | <300-86400> | 3600 | The port scan tracking temporary block time in seconds. |
--default | <yes> | | Reset all settings to their default values. |
--default_option | <option> | | Reset a specific setting to its default value. |
--restart | <yes> | | Restart the service after saving settings. |
// set the PS_INTERVAL
juggernaut --task=lfd:tracking:portscan --PS_INTERVAL=60 --restart=yes
// reset PS_INTERVAL to default
juggernaut --task=lfd:tracking:portscan --default_option=PS_INTERVAL --restart=yes
// reset all settings back to default
juggernaut --task=lfd:tracking:portscan --default=yes --restart=yes
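
The Python sketch below is an added example, not code from Juggernaut or lfd. It models how PS_INTERVAL, PS_LIMIT and PS_DIVERSITY from the table above interact, so a threshold change can be tried against sample data before it is applied. The log lines are constructed (epoch timestamp followed by iptables-style `SRC=`/`PROTO=`/`DPT=` fields), and the sliding-window logic and the helper names `parse`, `blocked_ips` and `make` are assumptions of this model.

```python
import re
from collections import defaultdict, deque

# iptables LOG fields used by the model; DPT is absent for ICMP.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def parse(line):
    """Return (epoch, src, port_key) for a constructed log line, else None."""
    ts, _, rest = line.partition(" ")
    f = dict(FIELD.findall(rest))
    if not ts.isdigit() or "SRC" not in f:
        return None
    port = "ICMP" if f.get("PROTO") == "ICMP" else f.get("DPT")
    return (int(ts), f["SRC"], port) if port else None

def blocked_ips(lines, ps_interval=60, ps_limit=10, ps_diversity=1):
    """Assumed model: block a source once its logged hits inside the window
    exceed PS_LIMIT and cover at least PS_DIVERSITY distinct ports."""
    if ps_interval == 0:              # 0 disables the feature
        return set()
    window = defaultdict(deque)       # src -> (ts, port) hits still in window
    blocked = set()
    for ts, src, port in filter(None, map(parse, lines)):
        hits = window[src]
        hits.append((ts, port))
        while ts - hits[0][0] >= ps_interval:   # drop hits older than window
            hits.popleft()
        if len(hits) > ps_limit and len({p for _, p in hits}) >= ps_diversity:
            blocked.add(src)
    return blocked

def make(src, start, ports):
    """Build constructed log lines, one per second, for the given ports."""
    return [f"{start + i} kernel: Firewall: IN=eth0 SRC={src} DST=192.0.2.10 "
            f"PROTO=TCP SPT=40000 DPT={p}" for i, p in enumerate(ports)]

# Constructed sample traffic (documentation address ranges).
SAMPLE = (make("198.51.100.7", 1000, range(20, 32))    # 12 different ports
          + make("203.0.113.9", 1000, [22] * 12)       # 12 hits on one port
          + make("192.0.2.77", 1000, [25, 110, 143]))  # 3 hits, under limit

if __name__ == "__main__":
    print("PS_DIVERSITY=1:", sorted(blocked_ips(SAMPLE)))
    print("PS_DIVERSITY=5:", sorted(blocked_ips(SAMPLE, ps_diversity=5)))
```

With PS_DIVERSITY=5 the source that repeatedly hits a single closed port is no longer blocked, which is the trade-off the option description warns about.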