Not automated: the target host changes state, because scanblocker inserts iptables rules while the tests run. One option would be to add a parameter so scanblocker runs without executing iptables (detect only, dry run).
To flush the introduced rules at the host: sudo iptables -F INPUT (note that this flushes every rule in the INPUT chain, not only those added by scanblocker; run sudo iptables -L INPUT -n first if the host has other rules you need to keep).
TARGET=10.128.0.2
# 1. Conns to the same port do not trigger scan and block
curl $TARGET:80
curl $TARGET:80
curl $TARGET:80
curl $TARGET:80
curl $TARGET:80
# result: curl: (7) Failed to connect to $TARGET port 80: Connection refused
# ("Connection refused" means the packets reached the host and the closed port answered; nothing was blocked)
# 2. Conns to 4 or more different ports in a row trigger scan & block
curl $TARGET:80
curl $TARGET:81
curl $TARGET:82
curl $TARGET:83
# Port scan detected; on the next connection attempt:
curl $TARGET:84
# result: curl "hangs" when blocked (the blocked packets get no answer at all, so curl waits
# for its connect timeout; use curl --connect-timeout 5 $TARGET:84 to bound the test,
# which then exits with code 28 instead of 7)
# 3. Conns to different ports at fewer than 3 per minute go through (no block)
curl $TARGET:80
sleep 21
curl $TARGET:81
sleep 21
curl $TARGET:82
sleep 21
curl $TARGET:83
sleep 21
curl $TARGET:84
# result: curl: (7) Failed to connect to $TARGET port 84: Connection refused
# 4. Conns from localhost are not banned
# (run from within the host itself)
curl localhost:80
curl localhost:81
curl localhost:82
curl localhost:83
curl localhost:84
# result: curl: (7) Failed to connect to localhost port 80: Connection refused
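The four manual tests above describe the detection rules (distinct ports, rate window, loopback exemption) without a way to check them offline. The following is an added example, not scanblocker's own code: a small simulator of that logic that replays the four scenarios as constructed connection events and records the iptables command it would run instead of executing it (the dry-run idea from the note at the top). The 60-second window, the threshold of 4 distinct ports, the client address 10.128.0.99 and the "iptables -I INPUT -s <src> -j DROP" rule shape are assumptions, not values taken from scanblocker.

```python
"""Simulated port-scan detector (added example, not scanblocker's code).

A source that hits PORT_THRESHOLD or more distinct ports within
WINDOW_SECONDS is flagged and every later attempt from it is treated as
dropped; repeated hits on one port, slow probing and loopback traffic are
left alone. Window, threshold and rule shape are assumptions.
"""
import ipaddress
import subprocess
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window ("per minute" in test 3)
PORT_THRESHOLD = 4    # distinct ports that count as a scan (test 2: 4 or more)


class ScanDetector:
    def __init__(self, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD, dry_run=True):
        self.window = window
        self.threshold = threshold
        self.dry_run = dry_run
        self.attempts = defaultdict(deque)   # src -> deque of (timestamp, port)
        self.blocked = set()
        self.rules = []                      # iptables commands that would be run

    def _block(self, src):
        self.blocked.add(src)
        # Assumed rule shape; scanblocker's real rule may differ.
        cmd = ["iptables", "-I", "INPUT", "-s", src, "-j", "DROP"]
        self.rules.append(" ".join(cmd))
        if not self.dry_run:
            subprocess.run(cmd, check=True)

    def observe(self, src, port, ts):
        """Classify one connection attempt from src to port at time ts (seconds).

        Returns "local" (exempt), "blocked" (already banned, packet dropped),
        "scan" (this attempt crossed the threshold; the block applies from the
        next attempt on, as in test 2) or "ok".
        """
        if ipaddress.ip_address(src).is_loopback:
            return "local"
        if src in self.blocked:
            return "blocked"
        q = self.attempts[src]
        q.append((ts, port))
        while q and ts - q[0][0] >= self.window:   # drop attempts outside the window
            q.popleft()
        if len({p for _, p in q}) >= self.threshold:
            self._block(src)
            return "scan"
        return "ok"


def run_scenarios():
    """Replay the four manual tests as constructed event streams.

    Returns {scenario name: [classification of each attempt, in order]}.
    """
    attacker = "10.128.0.99"   # constructed client address
    results = {}

    d = ScanDetector()   # 1. same port, five times in a row: never a scan
    results["same_port"] = [d.observe(attacker, 80, t) for t in range(5)]

    d = ScanDetector()   # 2. ports 80..83 back to back, then 84
    results["fast_scan"] = [d.observe(attacker, 80 + i, i) for i in range(5)]

    d = ScanDetector()   # 3. ports 80..84, 21 s apart: stays under the threshold
    results["slow_probe"] = [d.observe(attacker, 80 + i, 21 * i) for i in range(5)]

    d = ScanDetector()   # 4. same pattern from loopback: exempt
    results["local"] = [d.observe("127.0.0.1", 80 + i, i) for i in range(5)]
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:11s} {' '.join(outcome)}")
```

The fast scan comes out as ok ok ok scan blocked: the fourth distinct port trips detection and only the fifth attempt is dropped, matching the "on next connection attempt" behaviour in test 2, while the 21-second spacing in test 3 never leaves four distinct ports inside one window.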