>> > using tarpit instead of just dropping the connections. >> Whatever. Without connection tracking you might as well use ipchains. >the tarpit howto does say to turn connection tracking off. No, it does not! To quote: You probably don't want the conntrack module loaded while you are using TARPIT, or you will be using resources per connection. Which is not the same as "does not work with conntrack". Jan Engelhardt -- | Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen, | Am Fassberg, 37077 Goettingen, www.gwdg.de
