IPTables and PortSentry

[Jeepsta]

Hey guys,

Its been a while

I am working on my firewall here at the house and have put an iptables script in place to route for my network and such and block everything except SSH. I just put portsentry on but it doesnt seem to do much. I am using gShield for the firewall and it seems as though gShield is dropping the packet before portsentry can do its thing. I can scan the computer and portsentry does not react.

Is there something that I need to configure with either gShield or PortSentry so that they work together??

Thanks

Portsentry is best described as a second line of defense. It monitors certain ports that you configure for it for and listens for connections on those ports. If your firewall is blocking those ports, then (barring any hackers) portsentry Never will be activated.

[Jeepsta]

So in reality there isnt much of a need for portsentry if the firewall is dropping everything. Maybe I am reading what you wrote wrong, but I do understand that if the packet is dropped automatically then portsentry will never see it and therefore never be activated.

So then my question turns to this. Is there really a need for portsentry on this box or is it really just a waste? I dont see the use as I have my firewall only allowing connections on ports that I deem ok and everything else is dropped like a bad habit. ;D

There was a discussion on this some time ago, I cant remember whether it was here or at LNO, but for the most part, portsentry is more of an IDS than anything else, kinda like snort or tripwire. But, if you have a firewall thats dropping all incoming connections except for ssh, which is encrypted anyway, no, there isnt much use in it, except if you just happen to be the paranoid type that stores national secrets on your hard drive.