
recent-badguys also triggers for broadcast and multicast.

Status: Open. ypid opened this issue 9 years ago, 1 comment.

Hi

One should be careful when enabling ferm_mark_portscan as it also triggers for broadcast and multicast and thus might block legitimate hosts. This is probably only relevant for LAN environments.

I have solved that issue for my workstation with the "addrtype" module (custom Firewall script :wink: ):

-m addrtype --dst-type BROADCAST,MULTICAST

ypid, Sep 01 '15 11:09

Marking potential port scans in this way is not active by default in debops.ferm. Perhaps a separate list of whitelisted networks could be added here, so that the affected hosts can be easily added. I imagine that this would be a broad range of hosts.

drybjed, Sep 01 '15 12:09
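To show how the addrtype exemption from the report fits next to a "recent"-based port-scan marker, here is an added ferm fragment; it is example code written for this note, not the issue's own script or the debops.ferm role. The chain name "portscan-mark", the list name "badguys", the 3600 second window and the allowed ports are all assumptions chosen for the illustration.

```ferm
# Added example (not from the issue or from debops.ferm).
# IPv4 only: the addrtype BROADCAST type has no meaning for IPv6.
domain ip table filter {
    # Assumed chain name. It records would-be scanners in the "badguys"
    # recent list (assumed name) and drops anything already listed there.
    chain portscan-mark {
        # Broadcast and multicast traffic (DHCP, mDNS, SSDP, ...) is not a
        # probe of this host, so leave the chain before the recent check.
        # Without this rule a LAN peer sending such traffic gets marked.
        # The array expands into one iptables rule per destination type.
        mod addrtype dst-type (BROADCAST MULTICAST) RETURN;

        # Sources seen probing within the last hour (assumed window) are dropped.
        mod recent name "badguys" rcheck seconds 3600 DROP;

        # Everything else reaching this chain is recorded, then dropped.
        mod recent name "badguys" set DROP;
    }

    chain INPUT {
        policy DROP;
        interface lo ACCEPT;
        mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;

        # Assumed allowed services; anything that matches none of them and
        # falls through to the jump below is treated as a closed-port probe.
        proto tcp dport (22 80 443) ACCEPT;

        jump portscan-mark;
    }
}
```

The RETURN rule must precede the "recent ... set" rule; once a source is on the list, placing the exemption later would not undo the mark already recorded for it.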