87762 – Feature Request: netfilter TARPIT patch in gentoo-sources

Bug 87762 - Feature Request: netfilter TARPIT patch in gentoo-sources

Summary: Feature Request: netfilter TARPIT patch in gentoo-sources

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All All

Importance:	High enhancement (vote)
Assignee:	Gentoo Kernel Bug Wranglers and Kernel Maintainers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-04-03 04:24 UTC by Colin Kingsley (RETIRED)
Modified:	2005-04-05 12:07 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Colin Kingsley (RETIRED) gentoo-dev

2005-04-03 04:24:16 UTC

Please include support for the TARPIT target in iptables in gentoo-sources. I'd find it usefull, and there are already some other patches from the netfilter patch-o-matic in g-s.

thank you, and keep up the good work:)
Colin

Comment 1 Daniel Drake (RETIRED) gentoo-dev

2005-04-03 04:57:32 UTC

Are you talking about 2.4 or 2.6? Can you point us to the patch, and explain what it does, why its needed, why you find it useful, etc?

Comment 2 Colin Kingsley (RETIRED) gentoo-dev

2005-04-04 00:58:48 UTC

I was talking about 2.6. The TARPIT target for netfilter is intended to be used in place of the DROP target for certain purposes. It accepts the connection, and then resets the window size to 0, forcing the connection to timeout. I want to use it for my rule that blocks brute force ssh attacks.

http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT

Comment 3 Daniel Drake (RETIRED) gentoo-dev

2005-04-05 12:07:51 UTC

We tend not to add features to our 2.6 patchset as the development is moving so fast upstream. Please contact the patch author and see if you can help get it accepted into the upstream kernel.