Hi, our 7.306 firewall has been sending me portscan alerts about scans coming from an IP in Russia.
So, I made a network def for their whole /20 netblock (according to RIPE), and added a rule, above any rules for public incoming, to logdrop the traffic.
'iptables -L -n' shows this rule is in effect:
LOGDROP all -- 77.221.128.0/19 0.0.0.0/0 LOGMARK match 5
However, I still get portscan alerts.
I know I could probably modify the portscan settings, but...
On v6, I don't get alerts for traffic which is blocked by the pf.
Does v7's portscan alert listen before the iptables firewall?
What is the best way to block/filter these?
Thanks,
Barry