RE: TARPIT target

On Tue, 2003-09-30 at 15:58, bmcdowell@xxxxxxxxxxxxxxxxxx wrote:
> Well, I've gotten mixed results.  I did get the TARPIT target to work, but cannot for the life of me get 'nth' to work also.  It shows up as an option in the kernel config, but the libipt_nth.so is never created.  I can see a libipt_nth.h in the source, but that's as close as it gets.
> 
For the libraries to be created, you have to recompile the iptables
userspace proggies.

> One thing that gives me pause is that I am using 1.2.8, and not 1.2.7a.  There are two reasons why I think this may be important.  First, the pom is older than the iptables version I am using.  Second, libipt_TARPIT.c and libipt_TARPIT.d are both found in the source for iptables 1.2.8.  Does this not mean that TARPIT is included at least as an option in 1.2.8?  Of course, if it is, I can't seem to get it to show up in the kernel menu...
> 
As above, you need to recompile the iptables source and specify your
kernel dir as per the INSTALL doc.

> Please forgive any ignorance on my part...
> 
> Thanks,
> 
> Bob
> 
> -----Original Message-----
> From: netfilter-admin@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]On Behalf Of Cedric Blancher
> Sent: Friday, September 26, 2003 4:32 PM
> To: Bob McDowell
> Cc: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: TARPIT target
> 
> 
> On Fri 26/09/2003 at 22:45, bmcdowell@xxxxxxxxxxxxxxxxxx wrote:
> > How do I use the TARPIT target?
> > I have iptables 1.2.8 installed and working otherwise.  I'm running RedHat 9.
> > When I try and use
> > 	'iptables -A FORWARD -j TARPIT'
> > I get
> > 	'iptables: No chain/target/match by that name'
> 
> Your kernel does not support TARPIT.
> 
> > I have rebuilt the kernel, but I do not see an option for 'TARPIT'
> > anywhere in the netfilter stuff.  Yes, I do have 'experimental' turned
> > on.  I have also deleted iptables completely and used only the source
> > to install it.
> 
> TARPIT target is in patch-o-matic (extra section). So you have to
> download and install it.
> 
> 	1. install patch-o-matic (see README)
> 	2. rebuild your kernel from sources that got patched
> 	3. build iptables
> 
> And it should work.
> 
> Note that TARPIT only applies to TCP connections. So your previously
> given command won't work:
> 
> 	cbr@elendil:~$ sudo iptables -A FORWARD -j TARPIT
> 	iptables: Invalid argument
> 
> You have to specify TCP matching:
> 
> 	cbr@elendil:~$ sudo iptables -A FORWARD -p tcp -j TARPIT
> 	cbr@elendil:~$ sudo iptables -L FORWARD
> 	Chain FORWARD (policy ACCEPT)
> 	target     prot opt source               destination
> 	TARPIT     tcp  --  anywhere             anywhere
-- 
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

Attachment: signature.asc
Description: This is a digitally signed message part
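
The thread's point is that a patch-o-matic extension has two halves, the kernel option and the `libipt_*.so` built with the iptables userspace. The following check is an added example, not part of the original messages or of the netfilter project's code; it reports which half is missing. The `check_ext` and `make_demo` names, the `CONFIG_IP_NF_TARGET_<NAME>` / `CONFIG_IP_NF_MATCH_<NAME>` symbol naming, and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Report which half of a patch-o-matic extension is missing.
# usage:  check_ext target|match NAME KERNEL_CONFIG IPTABLES_LIBDIR
# prints: ok | no-userspace | no-kernel | neither
check_ext() {
    kind=$1; name=$2; kconfig=$3; libdir=$4
    upper=$(printf '%s' "$name" | tr '[:lower:]' '[:upper:]')
    # Assumed naming: CONFIG_IP_NF_TARGET_<NAME> / CONFIG_IP_NF_MATCH_<NAME>
    case $kind in
        target) sym="CONFIG_IP_NF_TARGET_$upper" ;;
        match)  sym="CONFIG_IP_NF_MATCH_$upper" ;;
        *)      echo "kind must be target or match" >&2; return 2 ;;
    esac
    kernel=no; user=no
    # Kernel half: option enabled built-in (y) or as a module (m)
    grep -Eq "^$sym=[ym]\$" "$kconfig" 2>/dev/null && kernel=yes
    # Userspace half: shared object produced when iptables is rebuilt
    [ -f "$libdir/libipt_$name.so" ] && user=yes
    case $kernel/$user in
        yes/yes) echo ok ;;
        yes/no)  echo no-userspace ;;
        no/yes)  echo no-kernel ;;
        *)       echo neither ;;
    esac
}

# Constructed sample mirroring the thread: both options are enabled in the
# kernel config, but only the TARPIT library was built.
make_demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/lib"
    printf '%s\n' 'CONFIG_IP_NF_TARGET_TARPIT=m' \
                  'CONFIG_IP_NF_MATCH_NTH=m' > "$d/config"
    : > "$d/lib/libipt_TARPIT.so"
    echo "$d"
}

demo=$(make_demo)
echo "TARPIT: $(check_ext target TARPIT "$demo/config" "$demo/lib")"
echo "nth:    $(check_ext match nth "$demo/config" "$demo/lib")"
rm -rf "$demo"
```

On a real system, pass the `.config` of the kernel tree that was built and the directory where iptables installed its libraries; both paths depend on the installation.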

