Re: security/portsentry removal

From: Dan Mahoney (Ports) <>
Date: Sun, 09 Apr 2023 16:18:31 UTC

> On Apr 8, 2023, at 9:01 AM, Andrea Venturoli <> wrote:
> On 4/8/23 16:40, Helge Oldach wrote:
>> I wonder why that would provide anything useful though.
> Main reason is to react to port scans or swiping attempts at well-known service.
> I.e. Someone (or some bot) connect to port 22, 25, 110, etc... when there's no such service available and he/she/it gets banned.
> I too am wondering whether this still makes sense today (after more that 20 years since portsentry was conceived).
> Yey I'm currently tasked to replace it, with possible questions being asked later :)

From a security point of view, detecting when someone is running a portscan on you is still useful.  Especially when FreeBSD is running on a NAT box or a router, so it has visibility for more than just its own host.

If I had to implement this today, I’d simply do it with ipfw log rules (for any list of closed ports), and fail2ban, which could be used to block subnets after any N attempts.  As a bonus, you don’t need a daemon listening on the ports to do this.