ポートスキャン遮断 PortSentry インストール

[root@freebsd ~]# cd /usr/ports/security/portsentry
[root@freebsd portsentry]# make install clean
[root@freebsd portsentry]# cd

[root@freebsd ~]# cp /usr/local/etc/portsentry.conf.default /usr/local/etc/portsentry.conf
[root@freebsd ~]# chmod 640 /usr/local/etc/portsentry.conf
[root@freebsd ~]# vi /usr/local/etc/portsentry.conf
#KILL_ROUTE="/bin/echo 'block in log on external_interface from $TARGET$/32 to any' | /sbin/ipf -f -"
↓
KILL_ROUTE="/bin/echo 'block in log on external_interface from $TARGET$/32 to any' | /sbin/ipf -f -" ←コメント解除

[root@freebsd ~]# /usr/local/etc/rc.d/portsentry.sh start
 portsentry (tcp udp)

[root@freebsd ~]# ps ax | grep port
 1151  ??  Is     0:00.00 /usr/local/bin/portsentry -tcp
 1153  ??  Is     0:00.00 /usr/local/bin/portsentry -udp
 1155   0  RL+    0:00.00 grep port