| Summary: | Feature Request: netfilter TARPIT patch in gentoo-sources | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Colin Kingsley (RETIRED) <tercel> |
| Component: | [OLD] Core system | Assignee: | Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel> |
| Status: | RESOLVED WONTFIX | | |
| Severity: | enhancement | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Colin Kingsley (RETIRED)
Are you talking about 2.4 or 2.6? Can you point us to the patch, and explain what it does, why it's needed, why you find it useful, etc?

I was talking about 2.6. The TARPIT target for netfilter is intended to be used in place of the DROP target for certain purposes. It accepts the connection, and then resets the window size to 0, forcing the connection to time out. I want to use it for my rule that blocks brute force ssh attacks. http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT

We tend not to add features to our 2.6 patchset as the development is moving so fast upstream. Please contact the patch author and see if you can help get it accepted into the upstream kernel.
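
The kind of rule the reporter describes, as an added example that is not from the bug report or the netfilter project: a shell function that emits an `iptables-restore` ruleset sending repeat SSH connection attempts to TARPIT instead of DROP. It assumes a kernel and iptables build that provide the TARPIT target and the `recent` match; the chain name `SSH_GUARD`, the list name `ssh_tarpit` and the default thresholds are illustrative choices.

```shell
#!/bin/sh
# Added example: generate (not apply) a ruleset that tarpits sources making
# too many new SSH connections. Assumes the TARPIT target and the `recent`
# match are available; SSH_GUARD and ssh_tarpit are made-up names.

ssh_tarpit_rules() {
    port=${1:-22}   # TCP port to protect
    hits=${2:-4}    # connection attempts allowed inside the window
    secs=${3:-60}   # window length in seconds

    # Reject anything that is not a plain decimal number so the generated
    # ruleset can never contain injected options.
    for v in "$port" "$hits" "$secs"; do
        case $v in
            ''|*[!0-9]*) echo "error: non-numeric argument: $v" >&2; return 1 ;;
        esac
    done
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "error: port out of range: $port" >&2; return 1
    fi
    if [ "$hits" -lt 1 ] || [ "$secs" -lt 1 ]; then
        echo "error: hits and secs must be at least 1" >&2; return 1
    fi

    # TARPIT only makes sense for TCP, so every rule is scoped with -p tcp.
    # Rule order inside SSH_GUARD matters: the --update check must come
    # before --set, otherwise every SYN would be accepted first.
    cat <<EOF
*filter
:SSH_GUARD - [0:0]
-A INPUT -p tcp --dport $port --syn -j SSH_GUARD
-A SSH_GUARD -m recent --name ssh_tarpit --update --seconds $secs --hitcount $hits -j TARPIT
-A SSH_GUARD -m recent --name ssh_tarpit --set -j ACCEPT
COMMIT
EOF
}
```

Review the output of `ssh_tarpit_rules 22 4 60` before loading it; piping it to `iptables-restore --noflush` adds the rules without clearing the existing ones.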