19 May 2006, 13:13
On 19/05/06 01:52, Leendert Meyer wrote:
<snip> [...]
> Here's another option:
> You could also use the TARPIT extension from patch-o-matic. See http://www.netfilter.org/patch-o-matic/pom-extra.html, 4th item. This requires recompiling the kernel.
> iptables already knows about TARPIT (man iptables), all it needs is the TARPIT kernel module.
I couldn't find "TARPIT" in man iptables. It's probably not something you'd want to use with SuSEfirewall anyway, because that requires the conntrack module, whereas netfilter.org suggests that using both at the same time is probably a massive waste of resources. Other than that little hiccup, it looks like a rather elegant solution to this sort of problem.