[clug] iptables 'TARPIT' and Centos kernels
Steve Walsh
steve at nerdvana.org.au
Sun Nov 23 22:14:04 GMT 2008
steve jenkin wrote:
> In my on-line research I came across the 'TARPIT' rule for iptables and
> thought it was exactly right for a couple of systems I control...
>
> The Centos iptables man page talks about 'TARPIT', and even has a
> library (/lib/iptables/libipt_TARPIT.so) for it.
>
> But the command:
> "iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j TARPIT"
> gives :
> iptables: Unknown error 4294967295
>
> Which comes down to the kernel module is missing...
>
You should just be able to load the module from
/etc/sysconfig/iptables-config as ipt_tarpit (or maybe ipt_TARPIT), then
restart iptables.
> <snip>
>
>
--
--==--
Steve Walsh
RHCE
Vice President / SysAdmin Team member- Linux Australia
Networks and Technology - Linux.conf.au 2008
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'