- /sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "TCP Scan? "
- /sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "UDP Scan? "
- /sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "ICMP Scan? "
- /sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "FRAG Scan? "
- /sbin/iptables -A PSCAN -j DROP
+ if [ "$DROPPORTSCAN" == "on" ]; then
+ /sbin/iptables -A PSCAN -p tcp -m limit --limit 10/minute -j LOG --log-prefix "DROP_TCP Scan " -m comment --comment "DROP_TCP PScan"
+ /sbin/iptables -A PSCAN -p udp -m limit --limit 10/minute -j LOG --log-prefix "DROP_UDP Scan " -m comment --comment "DROP_UDP PScan"
+ /sbin/iptables -A PSCAN -p icmp -m limit --limit 10/minute -j LOG --log-prefix "DROP_ICMP Scan " -m comment --comment "DROP_ICMP PScan"
+ /sbin/iptables -A PSCAN -f -m limit --limit 10/minute -j LOG --log-prefix "DROP_FRAG Scan " -m comment --comment "DROP_FRAG PScan"
+ fi
+ /sbin/iptables -A PSCAN -j DROP -m comment --comment "DROP_PScan"