Netgate Discussion Forum

How to block scan port 22?

Firewalling
vinacaptcha

Hello all,

How do I block scanning of port 22 on the LAN?
So, still allow PCs on the LAN to connect to SSH on port 22, but when a PC is detected scanning port 22, block it. How do I configure this on a pfSense router?
Thanks in advance for the help :)
vinacaptcha

Anybody help me! Thanks.
podilarius

Not sure how you would block an internal port 22 scan. The traffic should never reach a firewall. So unless you have a layer 3 switch that can filter that out, there is no firewall that can do this. Now, if the traffic is scanning the internet, a pass rule above the main allow rule with advanced options, matching only port 22, might do the trick. So you can set: if there are more than 5 new sessions per second, block.
kpa

Block access to port 22 on the LAN rules except for selected hosts that you configure with static and known IP addresses. Also disable password authentication on SSH and enforce the use of SSH public keys for login.
vinacaptcha

@podilarius: Yes, you understood me. So, I need the advanced guide as you said: "if there are more than 5 new sessions per second, block" <= Can you help me make a rule for this one?

@kpa: Thank you, but I don't want to block a PC that isn't scanning port 22, only PCs scanning port 22.

Thanks
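The rate-limited pass rule that podilarius describes, and that vinacaptcha asks for above, written out in pf.conf syntax (pfSense's packet filter is pf, and the "Advanced Options" of a pass rule in the GUI fill in the same state options). This is an added example, not a rule from the thread or from pfSense itself; `$lan_if` and `$lan_net` are placeholder macros you must replace, and the 5 connections per 1 second threshold is the figure quoted in the thread.

```pf
# Assumed macros: substitute your own LAN interface and LAN subnet.
lan_if  = "em1"
lan_net = "192.168.1.0/24"

# Sources that exceed the rate are added to this table. pfSense keeps its
# own <virusprot> table for the GUI's "Maximum new connections / per second"
# option; the same name is used here so the table is familiar.
table <virusprot> persist

# Block (and log) anything already flagged, before any pass rule is reached.
block in quick log on $lan_if from <virusprot> to any

# Port 22 gets its own pass rule ABOVE the general LAN allow rule.
#   max-src-conn-rate 5/1 : more than 5 new TCP connections from one source
#                            address within 1 second trips the overload
#   overload <virusprot>  : put the offending source address in the table
#   flush global          : also tear down all states that source already has
pass in quick log on $lan_if proto tcp from $lan_net to any port 22 \
    flags S/SA keep state (max-src-conn-rate 5/1, overload <virusprot> flush global)

# The general LAN allow rule stays below, unchanged, so everything that is
# not port 22 is untouched by the rate limit.
pass in quick on $lan_if from $lan_net to any keep state
```

To see which hosts have been caught, run `pfctl -t virusprot -T show`; to release one, `pfctl -t virusprot -T delete <address>` (pfSense also expires entries from this table on its own schedule). Two caveats follow from the thread and from how pf counts: the rule only sees traffic that actually passes through pfSense, so a PC scanning other hosts on the same LAN segment never reaches it, exactly as podilarius says; and pf increments the per-source connection counter when a TCP handshake completes, so the trigger fires for a host that is rapidly opening real SSH sessions through the firewall, not for half-open SYN probes against closed ports.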
BBcan177 (Moderator)

Hi vinacaptcha,

You can accomplish that with the Snort or Suricata Package.

"Experience is something you don't get until just after you need it."

Website: http://pfBlockerNG.com
Twitter: @BBcan177  #pfBlockerNG
Reddit: https://www.reddit.com/r/pfBlockerNG/new/
vinacaptcha

@BBcan177: Yes, thanks.
I will review Snort now. So, difficult or advanced.
BBcan177 (Moderator)

@vinacaptcha:

    @BBcan177: Yes, thanks.
    I will review Snort now. So, difficult or advanced.

We're all a pfSense family. Take a look at the following link to set up Snort or Suricata (I would recommend Snort as it's a little easier to set up):

https://forum.pfsense.org/index.php?topic=61018.0

When you need help, post a question in the "packages" forum.