Modify

Opened 11 years ago

Closed 11 years ago

#1046 closed enhancement (fixed)

Adding ipt_tarpit and kmod-ipt-tarpit to whiterussian

Reported by: epilog@… Owned by: florian
Priority: normal Milestone: 0.9/rc6
Component: kernel Version:
Keywords: whiterussian tarpit Cc:

Description

This simple patch will add two new packages:

  • iptables-mod-tarpit_1.3.3-2_mipsel.ipk
  • kmod-ipt-tarpit_2.4.30-brcm-5_mipsel.ipk

Then you can use the tarpit instead of the default DROP for the TCP packets that don't match:
Example:

-A INPUT -m state --state INVALID -j DROP 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp ! --tcp-option 2 --tcp-flags SYN SYN -j DROP 
-A INPUT -j input_rule 
-A INPUT -j LAN_ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -p gre -j ACCEPT 
-A INPUT -p tcp -m tcp -j TARPIT 
-A INPUT -j REJECT --reject-with icmp-port-unreachable 

Attachments (1)

tarpit-diff.patch (16.6 KB) - added by epilog@… 11 years ago.
Patch

Download all attachments as: .zip

Change History (3)

Changed 11 years ago by epilog@…

Patch

comment:1 Changed 11 years ago by florian

  • Owner changed from developers to florian
  • Status changed from new to assigned

comment:2 Changed 11 years ago by florian

  • Resolution set to fixed
  • Status changed from assigned to closed

Added in [5819] as part of iptables-mod-extra and kmod-ipt-extra

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.