[clug] iptables 'TARPIT' and Centos kernels

Steve Walsh steve at nerdvana.org.au
Sun Nov 23 22:14:04 GMT 2008


steve jenkin wrote:
> In my on-line research I came across the 'TARPIT' rule for iptables and
> thought it was exactly right for a couple of systems I control...
>
> The Centos iptables man page talks about 'TARPIT', and even has a
> library (/lib/iptables/libipt_TARPIT.so) for it.
>
> But the command:
>  "iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j TARPIT"
> gives :
>  iptables: Unknown error 4294967295
>
> Which comes down to the kernel module is missing...
>   
You should just be able to load the module from
/etc/sysconfig/iptables-config as ipt_tarpit (or maybe ipt_TARPIT), then
restart iptables.
> <snip>
>
>   


-- 
--==--
Steve Walsh
RHCE
Vice President / SysAdmin Team member- Linux Australia
Networks and Technology - Linux.conf.au 2008
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
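
Added example, not part of either message in this thread: a shell check that reports which modules listed in an iptables-config file have no kernel object in a given module tree, which is the mismatch described above (userspace library present, kernel module missing). It assumes the list lives in the `IPTABLES_MODULES` variable of that file and that a module is identified by a file named `<module>.ko`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: modules to load are listed in IPTABLES_MODULES="..." in the
# config file, and a module exists if <name>.ko (or a compressed variant)
# is found somewhere under the kernel's module directory.

# list_config_modules FILE
# Prints the module names from the last uncommented IPTABLES_MODULES= line.
list_config_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# module_present NAME MODDIR
# Returns 0 if a kernel object for NAME exists under MODDIR.
module_present() {
    [ -n "$(find "$2" -type f \( -name "$1.ko" -o -name "$1.ko.*" \) 2>/dev/null | head -n 1)" ]
}

# missing_modules FILE MODDIR
# Prints, space separated, the configured modules with no kernel object.
missing_modules() {
    missing=""
    for m in $(list_config_modules "$1"); do
        module_present "$m" "$2" || missing="$missing $m"
    done
    echo "${missing# }"
}

# Stand-alone use: sh check.sh --check [CONFIG] [MODDIR]
# Defaults point at the file named in the thread and the running kernel.
if [ "${1:-}" = "--check" ]; then
    cfg="${2:-/etc/sysconfig/iptables-config}"
    moddir="${3:-/lib/modules/$(uname -r)}"
    gone="$(missing_modules "$cfg" "$moddir")"
    if [ -n "$gone" ]; then
        echo "no kernel object under $moddir for: $gone"
        exit 1
    fi
    echo "all modules in $cfg have a kernel object under $moddir"
fi
```

A non-empty result means the running kernel ships no such module, so a `-j` rule for that target cannot be loaded whatever the config file says.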




