Has anyone been successful at using the TARPIT target in iptables under CentOS 4? I am using CentOS 4.3, fully updated with iptables-1.2.11-3.1.RHEL4 and kernel-2.6.9-34.107.plus.c4 Doing a locate on TARPIT returns: # locate TARPIT /lib/iptables/libipt_TARPIT.so This makes me think that the TARPIT target would be valid, however when I try to use it, I get the following reponse: # iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT iptables: No chain/target/match by that name I am following the example located at the Netfilter website for rule creation: http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT I have *NOT* rebuilt my kernel, or any tools because on the surface, as it does not appear necessary. Any help would be greatly appreciated. Thanks, Barry
Barry Brimer wrote:> Has anyone been successful at using the TARPIT target in iptables under > CentOS 4?I don't have any CentOS4 box handy to check it out, but it seems like the kernel module is missing. Netfilter has two component, userspace (in /lib/iptables) and kernel (in your kernel's directory under /lib/modules). The userspace as packaged by Red Hat often has many more modules than actually supported by kernel.
Barry Brimer napsal(a):> Has anyone been successful at using the TARPIT target in iptables under > CentOS 4? > > I am using CentOS 4.3, fully updated with iptables-1.2.11-3.1.RHEL4 and > kernel-2.6.9-34.107.plus.c4 > > Doing a locate on TARPIT returns: > > # locate TARPIT > /lib/iptables/libipt_TARPIT.so > > This makes me think that the TARPIT target would be valid, however when > I try to use it, I get the following reponse: > > > # iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT > iptables: No chain/target/match by that name > > > I am following the example located at the Netfilter website for rule > creation: > http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-TARPIT > > I have *NOT* rebuilt my kernel, or any tools because on the surface, as > it does not appear necessary. > > Any help would be greatly appreciated. > > Thanks, > BarryBarry, would you test my kernel tarpit module? If so, I'd send the link. Thanks, David
Seemingly Similar Threads
- iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues
- iptables patch-o-matic
- Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
- [Bug 78] -m psd -j TARPIT returns all ports open from nmap
- [Bug 78] New: -m psd -j TARPIT returns all ports open from nmap