[SOLVED] iptables, me again :)

[ukro]

Yello
i want this

$IPTABLES -A port-scan -p tcp –tcp-flags SYN,ACK,FIN,RST RST -m limit –limit 1/s -j RETURN

i get this

"run_before" with value "$IPTABLES -A port-scan -p tcp –tcp-flags SYN,ACK,FIN,RST RST -m limit –limit 1/s -j RETURN" fails to match the required pattern: /^[\x09-\x0D -~\x80-\xFE]{1,65535}$/

I want to add basic port scanner prevention rules:
iptables -A port-scan -p tcp –tcp-flags SYN,ACK,FIN,RST RST -m limit –limit 1/s -j RETURN iptables -A port-scan -j DROP –log-level 6 iptables -A specific-rule-set -p tcp –syn -j syn-flood iptables -A specific-rule-set -p tcp –tcp-flags SYN,ACK,FIN,RST RST -j port-scan

pls help

 

[ukro]

Sorry my mistake, wrong "-"
This work correctly:
$IPTABLES -A port-scan -p tcp -tcp-flags SYN,ACK,FIN,RST RST -m limit -limit 1/s -j RETURN;$IPTABLES -A port-scan -j DROP -log-level 6;$IPTABLES -A specific-rule-set -p tcp -syn -j syn-flood;$IPTABLES -A specific-rule-set -p tcp -tcp-flags SYN,ACK,FIN,RST RST -j port-scan

 

[Carles Munyoz]

Hi,
Then, your problem is solved, is it correct?

 

[ukro]

Yes, sorry to take time

 

[ukro]

I want to say again ! It is so easy to manage servers with fwcloud omg! ))))))))))))

 

[Carles Munyoz]

Thank you very much for your comments!
We are doing our best for improve FWCloud day by day.
The next release that we will launch in June will have new amazing features like NFTables compiler and advanced routing management.

Best regards.

 

[ukro]

Noice! looking forward!