Bug 87762

Summary: Feature Request: netfilter TARPIT patch in gentoo-sources
Product: Gentoo Linux
Reporter: Colin Kingsley (RETIRED) <tercel>
Component: [OLD] Core system
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>
Status: RESOLVED WONTFIX    
Severity: enhancement    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   

Description Colin Kingsley (RETIRED) gentoo-dev 2005-04-03 04:24:16 UTC
Please include support for the TARPIT target in iptables in gentoo-sources. I'd find it useful, and there are already some other patches from the netfilter patch-o-matic in g-s.

Thank you, and keep up the good work :)
Colin
Comment 1 Daniel Drake (RETIRED) gentoo-dev 2005-04-03 04:57:32 UTC
Are you talking about 2.4 or 2.6? Can you point us to the patch, and explain what it does, why it's needed, why you find it useful, etc.?
Comment 2 Colin Kingsley (RETIRED) gentoo-dev 2005-04-04 00:58:48 UTC
I was talking about 2.6. The TARPIT target for netfilter is intended to be used in place of the DROP target for certain purposes. It accepts the connection, and then resets the window size to 0, forcing the connection to time out. I want to use it for my rule that blocks brute force ssh attacks.

http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2005-04-05 12:07:51 UTC
We tend not to add features to our 2.6 patchset as the development is moving so fast upstream. Please contact the patch author and see if you can help get it accepted into the upstream kernel.