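#!/bin/bash
# Copyright 2004 William Stearns
# Released under the GPL
# Automatically generated by Modwall, http://www.stearns.org/modwall/
#==== Iptables modules required ====
# psd recent
#==== Brick specific help ====
# The catchmapper module identifies people trying to map our network. It
# uses the psd (port scan detector) module to identify - you guessed it -
# port scans. When found, the source address of the scan is remembered in
# the mapper table for punishment by the punishmapper module.
# Because of the potential for a spoofed source address in a probe
# packet, this is a potentially dangerous module: the "mapper" recent
# table is keyed by the probe's source address, so whatever punishmapper
# does to that table's entries can be aimed at an address that never sent
# the scan.
# NOTE(review): the psd match is not part of every iptables build (on
# current systems it usually comes from xtables-addons); confirm it is
# available before relying on this brick.

set -eu

readonly SUDO=/usr/bin/sudo
readonly IPTABLES=/sbin/iptables

#######################################
# Run one iptables command under sudo and abort the script if it fails.
# The original ran each command unchecked, so a failed chain creation
# (e.g. on a second run, when catchmapper already exists) was followed
# by appending the rules anyway, duplicating them.
# Arguments: iptables arguments, passed through verbatim
# Outputs:   diagnostic on stderr when the command fails
# Returns:   0 on success; exits 1 on failure
#######################################
ipt() {
  if ! "$SUDO" "$IPTABLES" "$@"; then
    printf 'catchmapper: iptables %s failed\n' "$*" >&2
    exit 1
  fi
}

#######################################
# Build the catchmapper chain and hook it into INPUT, FORWARD and OUTPUT.
# Globals:   SUDO, IPTABLES (read)
# Arguments: none
# Returns:   0 on success; exits non-zero if any iptables call fails
#######################################
main() {
  # Dedicated chain: each packet psd flags is recorded in the "mapper"
  # recent table (consumed by punishmapper) and then dropped.
  ipt -N catchmapper
  ipt -A catchmapper -m recent --name mapper --set -j DROP

  # Hand psd-detected scans on every path to the chain. Loopback is
  # excluded on INPUT/OUTPUT so local traffic is never recorded as a
  # mapper. "! -i lo" is the documented extrapositional negation; the
  # original "-i ! lo" spelling is deprecated in newer iptables releases.
  ipt -A INPUT ! -i lo -m psd -j catchmapper
  ipt -A FORWARD -m psd -j catchmapper
  ipt -A OUTPUT ! -o lo -m psd -j catchmapper
}

main "$@"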