add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="Detect and add-list SMTP virus or spammers" dst-port=25 protocol=tcp add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 protocol=tcp src-address-list=spammer add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1h chain=input comment="Port Scanners to list" protocol=tcp psd=21,3s,3,1 src-address=!103.21.229.14 add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1h chain=input protocol=tcp src-address=!103.21.229.14 tcp-flags=fin,!syn,!rst,!psh,!ack,!urg add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1h chain=input protocol=tcp src-address=!103.21.229.14 tcp-flags=fin,syn add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1h chain=input protocol=tcp src-address=!103.21.229.14 tcp-flags=syn,rst add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1h chain=input protocol=tcp src-address=!103.21.229.14 tcp-flags=fin,psh,urg,!syn,!rst,!ack add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1h chain=input protocol=tcp src-address=!103.21.229.14 tcp-flags=fin,syn,rst,psh,ack,urg add action=add-src-to-address-list address-list="port scanners" address-list-timeout=1h chain=input protocol=tcp src-address=!103.21.229.14 tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg add action=drop chain=input src-address-list="port scanners"