[clug] iptables 'TARPIT' and Centos kernels

steve jenkin sjenkin at canb.auug.org.au
Sun Nov 23 04:35:53 GMT 2008


In my on-line research I came across the 'TARPIT' rule for iptables and
thought it was exactly right for a couple of systems I control...

The CentOS iptables man page talks about 'TARPIT', and even has a
library (/lib/iptables/libipt_TARPIT.so) for it.

But the command:
 "iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j TARPIT"
gives:
 iptables: Unknown error 4294967295

Which comes down to the kernel module being missing...

There are recipes for including patches and rebuilding the kernel, but I
*really* want to use unmodified distros.

Before I waste a bunch more time, has anyone been down this path before me??

If it's a dead-end or I've set up conflicting requirements - I understand.

I went looking for userland 'tarpit' programs. There is one in CPAN
(dbtarpit), but I need to spend more time to get that working...

TIA
steve

PS: I'm still exploring 'unionfs', will report when I get somewhere with it.


-- 
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA

sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
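
A check for the mismatch described in the message above (iptables userland extension present, kernel target module absent), as an added example that is not part of the original post. The function name `tarpit_support`, the module file names `ipt_TARPIT`/`xt_TARPIT` and the library name `libxt_TARPIT.so` are assumptions; only `/lib/iptables/libipt_TARPIT.so` comes from the message.

```shell
#!/bin/sh
# Added example: report whether the TARPIT target exists on both sides
# (iptables userland extension and kernel module) before using -j TARPIT.
# Assumed names: ipt_TARPIT / xt_TARPIT module files and the
# libipt_TARPIT.so / libxt_TARPIT.so userland extensions.
# Limitation: a target compiled into the kernel image (not a module)
# has no .ko file and will be reported as missing on the kernel side.

# tarpit_support [MODULE_ROOT] [LIB_DIR]
# Prints one of: ready | userland-only | kernel-only | none
tarpit_support() {
    modroot=${1:-/lib/modules/$(uname -r)}
    libdir=${2:-/lib/iptables}
    kernel=no
    userland=no

    # Kernel side: look for the module file, possibly compressed
    # (.ko, .ko.gz, .ko.xz), anywhere under the module tree.
    if [ -d "$modroot" ] && find "$modroot" -type f \
            \( -name 'ipt_TARPIT.ko*' -o -name 'xt_TARPIT.ko*' \) \
            2>/dev/null | grep -q .; then
        kernel=yes
    fi

    # Userland side: the shared object iptables loads to parse "-j TARPIT".
    for lib in "$libdir/libipt_TARPIT.so" "$libdir/libxt_TARPIT.so"; do
        if [ -e "$lib" ]; then
            userland=yes
        fi
    done

    case "$kernel/$userland" in
        yes/yes) echo ready ;;          # rule should load
        no/yes)  echo userland-only ;;  # rule parses, kernel rejects it
        yes/no)  echo kernel-only ;;    # iptables cannot parse the target
        *)       echo none ;;
    esac
}
```

Called with no arguments it inspects the running kernel's module tree and `/lib/iptables`; `userland-only` corresponds to the state reported in the message.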

