[clug] "target problem" with iptables and TARPIT
Alex Satrapa
grail at goldweb.com.au
Thu Dec 2 04:48:15 GMT 2004
On 2 Dec 2004, at 12:30, Tony Breeds wrote:

> Silly question, do you actually have a TARPIT target?
> What does: "iptables -L | egrep Chain" say?

It's not a target chain, it's a target policy - TARPIT is supposed to
be the same type of thing as ACCEPT, DENY, REJECT, REDIRECT,
MASQUERADE, LOG, etc. These are the targets supplied by the ipt_*
modules such as ipt_MASQUERADE.o. So in the same way that you can
specify "... -j LOG --log-prefix='sample log rule'" without having a
"LOG" target chain, you can specify "... -j TARPIT" without having a
TARPIT target chain.

Of course, having explained all that, I realise now what my problem is:
TARPIT can only be used with the TCP protocol, and I was trying to
specify it as a target for the IP protocol. The correct rule for me to
use is:

    iptables -I FORWARD 8 --source 203.210.128.0/17 --protocol tcp -j TARPIT

(because I want to insert this rule into the 8th position in the
FORWARD table). Now it's working fine, and the next time those
Vietnamese Cr4X0Rz try to crack my network, they'll find it a little
less fun to explore.

Catchya
Alex
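
The mistake described in the message above (a jump to TARPIT without a TCP protocol match) can be caught before a rule set is loaded. The following is an added example, not part of the original post: the function names `tarpit_rule_ok` and `lint_rules` are hypothetical, and every sample rule except the first is constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): lint rule text for "-j TARPIT"
# that lacks a TCP protocol match, the mistake described in the post.

# Return 0 if the rule arguments are acceptable, 1 if they jump to TARPIT
# without matching TCP. Handles -p/--protocol, and "!" negation in both forms.
tarpit_rule_ok() {
    target="" proto="" negated=0 prev=""
    for tok in "$@"; do
        case "$prev" in
            -j|--jump) target=$tok ;;
            -p|--protocol)
                if [ "$tok" = "!" ]; then
                    negated=1   # older form: -p ! tcp
                    continue    # keep prev so the next token is the protocol
                fi
                proto=$tok ;;
        esac
        case "$tok" in
            -p|--protocol) [ "$prev" = "!" ] && negated=1 ;;  # form: ! -p tcp
        esac
        prev=$tok
    done
    [ "$target" = "TARPIT" ] || return 0   # other targets are out of scope
    [ "$negated" -eq 0 ] || return 1       # "not tcp" can never satisfy TARPIT
    case "$proto" in tcp|TCP|6) return 0 ;; *) return 1 ;; esac
}

# Read rule lines on stdin, print the offending ones, return 1 if any were found.
lint_rules() {
    bad=0
    set -f                                  # rule text must not be glob-expanded
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        # Word splitting of $line is intentional here.
        if ! tarpit_rule_ok $line; then
            printf 'TARPIT without TCP match: %s\n' "$line"
            bad=1
        fi
    done
    set +f
    [ "$bad" -eq 0 ]
}

# First rule is the one from the post; the rest are constructed for illustration.
SAMPLE_RULES='iptables -I FORWARD 8 --source 203.210.128.0/17 --protocol tcp -j TARPIT
iptables -I FORWARD 8 --source 203.210.128.0/17 -j TARPIT
iptables -A FORWARD --source 203.210.128.0/17 -p udp -j TARPIT
iptables -A FORWARD --source 203.210.128.0/17 -j LOG --log-prefix=sample'

printf '%s\n' "$SAMPLE_RULES" | lint_rules || true
```

The check is purely textual and does not need iptables installed; it flags the second and third sample rules and passes the rule from the post and the LOG rule.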