arturportella
newbie
Topic Author
Posts: 46
Joined: Wed Oct 30, 2013 3:16 pm

How to block HTTP port scanner?

Tue May 17, 2016 4:26 pm

Hello!

I'm facing some difficulties blocking external IP addresses from scanning HTTP ports on our network. We have a /24 subnet with valid IP addresses, and all port scanner scripts work only for a few ports. How can I create a rule to add src. addresses that scan my entire subnet at HTTP 80? I have an exception IP address that I use locally to manage my network at port 80. And of course, I don't wanna deny port 80 access to my customers, I just want to filter who is scanning my subnet or trying to open many 80 tcp connections at my entire subnet.

Thanks in advance :D
 
mrz
MikroTik Support
Posts: 7194
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: How to block HTTP port scanner?

Tue May 17, 2016 4:29 pm

You can look at "limit" and "dst-limit" parameters in firewall.
 
pe1chl
Forum Guru
Posts: 10533
Joined: Mon Jun 08, 2015 12:09 pm

Re: How to block HTTP port scanner?

Tue May 17, 2016 5:07 pm

You can also add a "honeypot", i.e. a system where nobody should be accessing port 80.
Best is that there is no DNS name for this address.
Then make a rule that adds the source address for those that access this port to an address-list, and a rule
that blocks all traffic from this source address to your entire subnet.

Once somebody tries to scan this system, they are locked out from your network.
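
The honeypot approach described in the post above, written out as RouterOS firewall rules. This is an added example, not part of the original thread; the subnet, honeypot address, management address and the list name `http_scanners` are constructed placeholders, and it assumes the router forwards traffic to the /24 (chain=forward).

```routeros
# Constructed values (assumptions, replace with your own):
#   203.0.113.0/24   the public customer subnet
#   203.0.113.250    unused honeypot address: no DNS name, no real service
#   198.51.100.10    management host that may reach port 80 everywhere
/ip firewall filter
# 1. A new TCP/80 connection to the honeypot puts its source on the list
#    for one day. The management host is exempt and never gets listed.
add chain=forward protocol=tcp dst-port=80 dst-address=203.0.113.250 \
    connection-state=new src-address=!198.51.100.10 \
    action=add-src-to-address-list address-list=http_scanners \
    address-list-timeout=1d comment="honeypot: list HTTP scanners"
# 2. Listed sources are dropped for the whole subnet, on every port.
add chain=forward src-address-list=http_scanners \
    dst-address=203.0.113.0/24 action=drop \
    comment="honeypot: drop listed scanners"
# Both rules must sit above the rules that accept customer traffic,
# otherwise the accept rule matches first and the drop is never reached.
# Review which sources were listed and when their entries expire:
/ip firewall address-list print where list=http_scanners
```

A single SYN is enough to list a source, and source addresses can be forged, so a finite `address-list-timeout` keeps a wrongly listed customer from staying blocked indefinitely.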