Please include support for the TARPIT target in iptables in gentoo-sources. I'd find it usefull, and there are already some other patches from the netfilter patch-o-matic in g-s.
thank you, and keep up the good work:)
Are you talking about 2.4 or 2.6? Can you point us to the patch, and explain what it does, why its needed, why you find it useful, etc?
I was talking about 2.6. The TARPIT target for netfilter is intended to be used in place of the DROP target for certain purposes. It accepts the connection, and then resets the window size to 0, forcing the connection to timeout. I want to use it for my rule that blocks brute force ssh attacks.
We tend not to add features to our 2.6 patchset as the development is moving so fast upstream. Please contact the patch author and see if you can help get it accepted into the upstream kernel.