George Ellis

CLI Suspicious Activity Monitor for a port?

Discussion created by George Ellis on Mar 1, 2018
Latest reply on Mar 22, 2018 by Dameon Welch Abernathy

Does anyone have an example of the syntax to block a port using the fw sam command?

I use these already.

Block src or dst of 94.242.249.67

fw sam -v -l long_noalert -J any 94.242.249.67

block any src/dst for 185.154.52.0/24

fw sam -v -l long_noalert -J subany 185.154.52.0 255.255.255.0

Cancel a block for a subnet 46.244.10.0/26

fw sam -v -C -J subany 46.244.10.0 255.255.255.192

My best guess is to block port udp/11211

fw sam -v -J dstpr any udp/11211

I am willing to bet that that is not right. Anyone blocked a UDP port before?
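An added example, not part of the original post: a shell helper that builds the host and subnet rules shown above from an address or CIDR entry, validating it and refusing a /0 prefix. The function names are hypothetical, the flags are copied from the commands in the post, and the commands are only printed for review, never run.

```shell
# Added example: prints fw sam commands in the shape used in the post.
# Function names are hypothetical; nothing here is executed on a gateway.

valid_ip() {  # four dot-separated decimal octets, each 0-255
    local IFS=. o
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

prefix_to_mask() {  # 26 -> 255.255.255.192
    local len=$1 mask="" i bits
    for i in 1 2 3 4; do
        bits=$(( len >= 8 ? 8 : (len > 0 ? len : 0) ))
        mask="$mask${mask:+.}$(( 256 - (1 << (8 - bits)) ))"
        len=$(( len - bits ))
    done
    echo "$mask"
}

sam_cmd() {  # sam_cmd block|cancel a.b.c.d[/len]
    local action=$1 target=$2 ip len flags
    case "$action" in
        block)  flags="-v -l long_noalert -J" ;;
        cancel) flags="-v -C -J" ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    ip=${target%%/*}
    valid_ip "$ip" || { echo "bad address: $target" >&2; return 2; }
    case "$target" in
        */*) len=${target#*/}
             case "$len" in ""|*[!0-9]*) echo "bad prefix: $target" >&2; return 2 ;; esac
             # /0 is rejected so a typo cannot become a block-everything rule
             [ "$len" -ge 1 ] && [ "$len" -le 32 ] || { echo "bad prefix: $target" >&2; return 2; }
             echo "fw sam $flags subany $ip $(prefix_to_mask "$len")" ;;
        *)   echo "fw sam $flags any $ip" ;;
    esac
}

# The entries from the post, printed for review before anything is pasted.
for t in 94.242.249.67 185.154.52.0/24; do sam_cmd block "$t"; done
sam_cmd cancel 46.244.10.0/26
```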
