|Summary:||Feature Request: netfilter TARPIT patch in gentoo-sources|
|Product:||Gentoo Linux||Reporter:||Colin Kingsley (RETIRED) <tercel>|
|Component:||[OLD] Core system||Assignee:||Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>|
|Package list:||Runtime testing required:||---|
Description Colin Kingsley (RETIRED) 2005-04-03 04:24:16 UTC
Please include support for the TARPIT target in iptables in gentoo-sources. I'd find it useful, and there are already some other patches from the netfilter patch-o-matic in g-s. Thank you, and keep up the good work :) Colin
Comment 1 Daniel Drake (RETIRED) 2005-04-03 04:57:32 UTC
Are you talking about 2.4 or 2.6? Can you point us to the patch, and explain what it does, why it's needed, why you find it useful, etc?
Comment 2 Colin Kingsley (RETIRED) 2005-04-04 00:58:48 UTC
I was talking about 2.6. The TARPIT target for netfilter is intended to be used in place of the DROP target for certain purposes. It accepts the connection, and then resets the window size to 0, forcing the connection to time out. I want to use it for my rule that blocks brute force ssh attacks. http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT
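The kind of rule Comment 2 describes, as an added example in iptables-restore format (not taken from the bug report, the patch, or gentoo-sources). It assumes a kernel and iptables build in which the TARPIT target is available, sshd listening on port 22, and a hypothetical `recent` list named `ssh_probe` with a constructed threshold of 4 connection attempts per 60 seconds.

```iptables
*filter
:INPUT ACCEPT [0:0]

# 1. Record every new SSH connection attempt (TCP SYN) per source address
#    in the "ssh_probe" list (hypothetical name). No target: the packet
#    continues to the next rule.
-A INPUT -p tcp --dport 22 --syn -m recent --name ssh_probe --set

# 2. A source with 4 or more recorded attempts in the last 60 seconds
#    (constructed threshold) is handed to TARPIT. The rule matches all of
#    that source's port-22 TCP packets, not only the SYN, so the follow-up
#    packets of a tarpitted connection also reach the target rather than
#    the local TCP stack. TARPIT is only valid on rules with "-p tcp".
-A INPUT -p tcp --dport 22 -m recent --name ssh_probe --rcheck --seconds 60 --hitcount 4 -j TARPIT

#    The DROP form this replaces, for comparison (the client's SYNs are
#    silently discarded instead of being accepted and then stalled):
# -A INPUT -p tcp --dport 22 -m recent --name ssh_probe --rcheck --seconds 60 --hitcount 4 -j DROP

# 3. All other SSH traffic reaches sshd.
-A INPUT -p tcp --dport 22 -j ACCEPT

COMMIT
```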
Comment 3 Daniel Drake (RETIRED) 2005-04-05 12:07:51 UTC
We tend not to add features to our 2.6 patchset as the development is moving so fast upstream. Please contact the patch author and see if you can help get it accepted into the upstream kernel.