What is the best way to ban IPs scanning my ports on Linux?

postcd

Member
Joined
Jul 8, 2017
Messages
37
Reaction score
3
Credits
89
I was using denyhosts and now fail2ban to block IPs, but what is most simple and good way to block IPs that is scanning my open ports?
If possible, how to do it in either f2b or in iptables please?

UPDATE:
I liked denyhosts more than f2b for SSH bruteforce baning since it was simple to setup, but it seems to no longer be maintained +. for the port scan and tens of other malicious activities detecting i have used CSF https://configserver.com/cp/csf.html it is one of the best firewall extension. Since no one suggested other way, maybe to try this one, but it is quite complex system for my current usage case :-/
Update, found something helpful:
1. https://webmasters.stackexchange.com/questions/30821/fail2ban-port-scanning
2. http://stonygate.altervista.org/ser...o-per-internet/fail2ban-portscan-brute-force/ (if you are using UFW and having all ports closed excpet selected ones open)
 
Last edited:


The most simple is what you find most simple, fail2ban and denyhosts can probably do somewhat the same. Fail2ban can use iptables to block ip's and I would think denyhosts can do the same, try both and see which you like better and which fits your need better. I use fail2ban and have never tried denyhosts because fail2ban seems to be the most used when you do a search for a tools to help prevent bad ip's from trying connections on your open ports. I'm not going to explain how to do it for you because there are plenty of people who already have written howto's for fail2ban and denyhosts. I'm sure you can find your way around a search engine: fail2ban and denyhosts.
 
Last edited:
Uhh, haven't you been using f2b and iptables for 5yrs now?

 
C'mon after that long asking about ufw and tables, why keep asking? Asking how to block a port is one thing if you've never done it before, but cripes if you know how to block port 90, you sure know how to block port 100 so asking over and over ain't gonna get you anything you dont already know. And if you've been using something for a long time it don't make sense to ask how to use it again.

If your looking for something else besides ufw and f2b, why not google for them and ask a real question like "I heard about this any opinions?".
 
Jake DO shut up, won't you?!

You have been warned before and there should be no need to repeat that.

You have more important things to attend to like getting your COVID vaccine than stalking people from Unix to Linux forum, one after another, making their lives a misery.

This will not be tolerated here.

Delete your Posts above or I will.

Chris Turner
wizardfromoz
 
1st, I already have my vaccine thanks.
2nd, I sure ain't stalking that idiot.
3rd, feel free to delete whatever you want. Can you tell me without laughing that someone whose been using iptables ufw and f2b for YEARS can't use those things? Cmon, look at his posting history.

You want that clown here? Enjoy.
 
I sure ain't stalking that idiot.
Cmon, look at his posting history.
You want that clown here?
Although my moderator days are over, I can tell you that I have been watching YOUR posting history... for years now. With only one exception, all of your posts have been directed at postcd... but your replies to both of these users is obviously one of contempt for them, and you have acknowledged following them from other forums. Yes, jake, that is stalking.

We may fail sometimes, but we do try to offer helpful and friendly advice here, but you are not friendly. Your tone is always that of a bully, showing your superior knowledge or ridiculing others. I would prefer "that clown" to you any day. At least he is civil.

Feel free to take your misguided malice elsewhere. I will not miss you.
 
OFFTOPIC POST about this stalker/internet bully (maybe wrong word, it is just well known word a bit similar to what he is doing)

It is so unusual and interesting fenomenon for me that i spend time writing this and even publishing even it is not my nature to write things like this (since this topic is already significantly off initial topic), i am unsure if this should see the light of the world maybe it is inappropriate.

Atanere said about me following to Jake:
I would prefer "that clown" to you any day. At least he is civil.

Thank You for making my day better, if that is true.
And thank you all who think that the priority is that the forum is a friendly place. It makes me feel we are in the world of humans, not machines or animals.

If Jake reads this i want to say that what i will write should be taken lightly, i know you are valuable person and sorry if i hurt you.

In my opinion this person has high demands, but unable to accept that people may not be able to meet it or may have reasons not to do everything expected.

I think that he "likes me so much" because i was upset by his forum posting habits so i have explained myself to him and also told how i feel about his activity). He got attached to me and now is trying to attend to my threads, unfortunately i will never meet his expectations and so he will need to spend alot of his time explaining how unsufficient i am and researching on what i have said in the past to satisfy his needs (not sure what these are).

What i do not understand is that ignorance that he have to post so much unsolicited offtopic content to my threads so future readers are hardly able to find anything useful. Even if he will ask ontopic questions, i will most likely not reply to him because of his insensibility. Would you do a busines with people who has zero tolerance for you, are insensible and trying to find vulnerabilities on you? He was asked not to respond, not to vandalize my threads. I do not know the purpose of his activity but i do not think i will make him content/happy, even if i wish him all the best. I hope this will not make a discussion, i do not want to participate in it and if i do not, it does not mean i agree with what will be said. This was rather sad post. But the future is bright.
 
Last edited:


Top