Mitigate port scanning

src/freedombone-utils-firewall

@@ -465,6 +465,33 @@ function firewall_add_range {
     fi
 }
 
+function firewall_handle_port_scans {
+    if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
+        return
+    fi
+    # only works for high frequency port scanning
+
+    # flooding of RST packets, smurf attack Rejection
+    iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
+
+    # Protecting portscans
+    # Attacking IP will be locked for 24 hours (3600 x 24 = 86400 Seconds)
+    iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
+    iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
+
+    # Remove attacking IP after 24 hours
+    iptables -A INPUT -m recent --name portscan --remove
+    iptables -A FORWARD -m recent --name portscan --remove
+
+    # These rules add scanners to the portscan list, and log the attempt.
+    iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
+    iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
+
+    iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:"
+    iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP
+    save_firewall_settings
+    mark_completed "${FUNCNAME[0]}"
+}
 
 function firewall_remove {
     firewall_port=$1

src/freedombone-utils-setup

@@ -700,6 +700,9 @@ function setup_firewall {
     function_check configure_firewall_ping
     configure_firewall_ping
 
+    function_check firewall_handle_port_scans
+    firewall_handle_port_scans
+
     function_check firewall_drop_telnet
     firewall_drop_telnet