FW_EXAMPLE_RULES
The following firewall rulesets are examples of rulesets that are compatible
with psad. Basically, the only criterion is that the firewall log and
drop packets that should not be allowed through. A port scan will then
manifest itself within /var/log/messages as packets are dropped and logged,
at which time these messages will be written to the /var/lib/psad/psadfifo
named pipe and analyzed by psad.
### iptables:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  129.xx.xx.xx         64.44.21.15          tcp dpt:22 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  208.xx.xx.xx         64.44.21.15          tcp dpt:22 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  24.xx.xx.xx          64.44.21.15          tcp dpt:22 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  208.xx.xx.xx         64.44.21.15          tcp dpt:22 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  0.0.0.0/0            64.44.21.15          tcp dpt:25 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  0.0.0.0/0            64.44.21.15          tcp dpt:80 flags:SYN,RST,ACK/SYN
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG level warning prefix `DROP '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG level warning prefix `DROP '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
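As an added example (not code from psad or from this file), a small Python stand-in for the analysis psad performs on the messages that the `DROP ' LOG rules above produce: it parses the kernel netfilter log format, skips unrelated syslog lines and port-less protocols such as ICMP, and groups the distinct dropped destination ports by source address. The sample log lines, the addresses, the hostname fw and the threshold of 5 ports are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the kernel netfilter LOG format written by the `DROP ' rules above.
# SPT/DPT are absent for protocols without ports (e.g. ICMP), hence optional.
LOG_RE = re.compile(
    r"kernel: DROP .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

def parse_drop_line(line):
    """Return (src, dst, proto, dpt) for a logged drop; None for unrelated syslog lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    dpt = int(m["dpt"]) if m["dpt"] else None
    return m["src"], m["dst"], m["proto"], dpt

def ports_by_source(lines):
    """Map each source IP to the set of distinct destination ports it was dropped on."""
    hits = defaultdict(set)
    for line in lines:
        parsed = parse_drop_line(line)
        if parsed and parsed[3] is not None:   # port-less protocols carry no DPT
            hits[parsed[0]].add(parsed[3])
    return dict(hits)

def flag_scanners(lines, threshold=5):
    """Sources dropped on at least `threshold` distinct ports (threshold is an assumed value)."""
    return sorted(src for src, p in ports_by_source(lines).items() if len(p) >= threshold)

# Constructed sample lines in /var/log/messages format; addresses and ports are made up.
_TMPL = ("Jun  1 10:00:{sec:02d} fw kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
         "SRC={src} DST=64.44.21.15 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID={sec} PROTO=TCP "
         "SPT=40000 DPT={dpt} WINDOW=1024 RES=0x00 SYN URGP=0")
SAMPLE_LOG = [_TMPL.format(sec=i, src="198.51.100.7", dpt=p) for i, p in enumerate([21, 23, 111, 139, 445, 3389])]
SAMPLE_LOG += [
    _TMPL.format(sec=10, src="203.0.113.5", dpt=8080),  # one stray packet, not a scan
    "Jun  1 10:00:11 fw kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.9 DST=64.44.21.15 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=12 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1",
    "Jun  1 10:00:12 fw sshd[1234]: Accepted publickey for admin from 129.0.0.1 port 51000 ssh2",  # unrelated
]

if __name__ == "__main__":
    for src, ports in sorted(ports_by_source(SAMPLE_LOG).items()):
        print(f"{src}: {len(ports)} distinct dropped ports {sorted(ports)}")
    print("flagged:", flag_scanners(SAMPLE_LOG))
```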