[clug] "target problem" with iptables and TARPIT
Francis Whittle
fudje at phreaker.net
Thu Dec 2 07:09:01 GMT 2004
On Thu, 2004-12-02 at 15:48 +1100, Alex Satrapa wrote:
> On 2 Dec 2004, at 12:30, Tony Breeds wrote:
> It's not a target chain, it's a target policy - TARPIT is supposed to
> be the same type of thing as ACCEPT, DENY, REJECT, REDIRECT,
> MASQUERADE, LOG, etc. These are the targets supplied by the ipt_*
> modules such as ipt_MASQUERADE.o. So in the same way that you can
> specify "... -j LOG --log-prefix='sample log rule'" without having a
> "LOG" target chain, you can specify "... -j TARPIT" without having a
> TARPIT target chain.
Interestingly enough, no, it *is* a chain. So are ACCEPT, DROP, REJECT,
REDIRECT, MASQUERADE, LOG, SNAT, DNAT, etc. Many of these chains take
options.
Default chains (such as INPUT, OUTPUT, and FORWARD) have a target chain
policy (that used to have a restriction on what it could point to,
although I'm not sure now). Presumably you could set this policy with
'iptables -P INPUT TARPIT', although the results may be a little...
undesirable.
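
The following is an added example, not part of the original post or thread: a Python script that reads a ruleset in iptables-save format and reports, for each `-j`, whether the name is declared as a user-defined chain in that table or is a built-in or extension target, alongside each built-in chain's policy. The sample ruleset and the chain name `smtp-in` are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = '''\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:smtp-in - [0:0]
-A INPUT -p tcp -m tcp --dport 25 -j smtp-in
-A INPUT -p tcp -m tcp --dport 135 -j TARPIT
-A smtp-in -m limit --limit 5/min -j LOG --log-prefix "smtp: "
-A smtp-in -j ACCEPT
COMMIT
'''

# Verdicts handled by the iptables core rather than by an extension module.
BUILTIN_TARGETS = {"ACCEPT", "DROP", "QUEUE", "RETURN"}

def classify_jumps(ruleset):
    """Return (policies, jumps) parsed from iptables-save text."""
    policies, user_chains, rules = {}, set(), []
    table = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):            # "*filter" opens a table
            table = line[1:]
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            if policy == "-":               # "-" marks a user-defined chain
                user_chains.add((table, name))
            else:                           # built-in chains carry a policy
                policies[(table, name)] = policy
        elif line.startswith("-A "):        # "-A CHAIN <matches> -j NAME ..."
            tokens = shlex.split(line)
            if "-j" in tokens[:-1]:
                rules.append((table, tokens[1], tokens[tokens.index("-j") + 1]))
    jumps = []
    for table, chain, target in rules:      # classify once all chains are known
        if (table, target) in user_chains:
            kind = "user-defined chain"
        elif target in BUILTIN_TARGETS:
            kind = "built-in target"
        else:
            kind = "extension target"
        jumps.append((table, chain, target, kind))
    return policies, jumps

if __name__ == "__main__":
    for jump in classify_jumps(SAMPLE)[1]:
        print(*jump)
```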