This script helps to avoid portscanning on Linux systems.
Hackers and unskilled script-users often scan servers for open ports. If they find one, such as your SSH port, they will attempt to crack it. This script helps protect Linux systems with built-in firewall protection (iptables) from portscan attacks by automatically blocking the IP address of any attacker who attempts to access ports too quickly.
The menu before install
The menu after install
sudo apt update && sudo apt install curl iptables ipset -y
sudo yum install curl iptables ipset -y
curl -s https://raw.githubusercontent.com/Feriman22/portscan-protection/master/portscan-protection.sh | sudo bash /dev/stdin -i
If you run it without argument, you have few options:
The Install
process copies the script to the /usr/local/sbin folder and then creates a new cron rule in the file called portscan-protection in the /etc/cron.d folder. It is executed once by itself to enable the ipset/iptable rules, and every startup, so your server is protected at all times.
The Uninstall
process removes the script from the /usr/local/sbin folder, removes the crontab entry and deletes ipset/iptable rules.
WARNING! After this step, you can no longer run the script from the /usr/local/sbin folder!
The Edit Whitelist
option allow to add IPv4 addresses to the whitelist. Add one IP per line to this file. These IP addresses will be never blocked. Note: Only IPv4 addresses are supported.
The Verify
process checks the crontab entry, the location of the script, the execution permission, the ipset/iptables commands and the active firewall rules.
The Update from GitHub
process updates the installed script. You cannot update it before the installation!
Nothing to do! Just install the script and enjoy the protection! If you want to run the script again, just type portscan-protection.sh
as root user.
If you want to use this script somewhere else (e.g. in an OS installer script), there are some arguments:
-i, --install
Install the script
-u, --uninstall
Uninstall the script without confirmation
-v, --verify
Verify the installation
-up, --update
Update the script from GitHub
--cron
Run the script like the crontab does. It will only set ipset/iptable rules and auto-update the script if not disabled. No output.
Exit codes:
Exit code | What does it mean? |
---|---|
0 | Everything was fine (no error) |
5 | Not enough permission. Run as root or with sudo |
6 | ipset command not found |
7 | iptables command not found |
8 | GitHub is not available |
9 | Answered No at Uninstall |
10 | curl, iptables or ipset command not found |
130 | Script canceled by ctrl + c |
The script will automatically update itself after reboot. If you want to disable it, modify the 7th line in the script.
However you can update it manually by running the script and choose "Update the script" or run with --update argument like this:
/usr/local/sbin/portscan-protection.sh --update
26-06-2023
14-03-2023
16-08-2022
05-04-2021
04-04-2021
01-02-2021
28-04-2020
26-04-2020
15-04-2020
14-04-2020
13-04-2020
If you found my work helpful, I would greatly appreciate it if you could make a donation through PayPal to support my efforts in improving and fixing bugs or creating more awesome scripts. Thank you!