Hello,

I have some Router Listening Ports

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
udp        0      0 0.0.0.0:2050            0.0.0.0:*                           
udp        0      0 127.0.0.1:34954         0.0.0.0:*                           
udp        0      0 0.0.0.0:53              0.0.0.0:*                           
udp        0      0 0.0.0.0:67              0.0.0.0:*                           

It is possible to close them and will the router work after closing them?

How can I do a log if someone try to contact port22
My rule
iptables -t nat -A prerouting_wan -p tcp --dport 22 -j DNAT --to 192.168.182.18:22
iptables        -A forwarding_wan -p tcp --dport 22 -d 192.168.182.18 -j ACCEP

Only this port. And if is possible to get a message better a email if someone try to connect there?
Is there a way to figure out if there a connection or a try?
It is possible to close the port after x time try for this IP for x minute?

Thanks

Dirk

There is some information about throttling SSH connections and logging them to syslog here:

http://kevin.vanzonneveld.net/techblog/ … _iptables/

You could extend on that to do what you're after.