On 3/7/06, Dave Jones <[EMAIL PROTECTED]> wrote:
Erik Westenbroek wrote on 03/07/06 04:18:
> I am attempting to create a tarpit to protect against SSH Brute force
> attempts. I tried this:
--snip--
> iptables -A SSH_Brute_Force -p tcp -j TARPIT
> After I typed the last command I got this error message:
> iptables: No chain/target/match by that name
> What am I doing wrong?
Hi Erik

The standard Gentoo-sources kernel does not include the TARPIT target.
You need to pick up an updated kernel iptables source from
netfilter.org, and install it as follows:

I assume you have a subversion client already installed on your machine.

    cd /usr/src

Pick up patch-o-matic-ng:

    svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng

Pick up iptables source code:

    svn co https://svn.netfilter.org/netfilter/trunk/iptables

Install kernel patches to iptables extra code:

    cd patch-o-matic-ng
    ./runme extra

Here you can select the targets/filters (e.g. TARPIT) you want patching
into the kernel iptables modules.

After installing patches you must regenerate your kernel and modules to
activate the patches, and then re-emerge iptables to pick up the kernel
patches.

    make menuconfig
    make && make modules_install && make install

Make sure that you have USE="extensions" in your /etc/make.conf before
you emerge iptables, or it will ignore the new non-standard extensions.

    emerge iptables

This worked for me.

Cheers, Dave
--
gentoo-user@gentoo.org mailing list
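
Added example, not part of the original thread: the error "No chain/target/match by that name" does not say which piece is missing, so this sketch separates a missing SSH_Brute_Force chain from a TARPIT target that was never built or is not loaded. The function names and the module file name pattern (ipt_TARPIT.ko, or xt_TARPIT.ko on newer kernels) are assumptions.

```shell
#!/bin/sh
# Added example: narrow down "No chain/target/match by that name" for
#   iptables -A SSH_Brute_Force -p tcp -j TARPIT
# Inputs are passed as files so the checks also work on saved copies.

# has_chain SAVE_FILE CHAIN: is CHAIN declared in iptables-save output?
# iptables-save declares chains as ":NAME POLICY [packets:bytes]".
has_chain() {
    [ -r "$1" ] && grep -q "^:$2 " "$1"
}

# has_target TARGETS_FILE NAME: is NAME registered with the running kernel?
# /proc/net/ip_tables_targets lists one registered target per line.
has_target() {
    [ -r "$1" ] && grep -qxF "$2" "$1"
}

# has_module MODULE_DIR NAME: was a kernel module for target NAME built?
# Assumption: the file is ipt_NAME.ko (or xt_NAME.ko on newer kernels).
has_module() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -name "ipt_$2.ko*" -o -name "xt_$2.ko*")" ]
}

# diagnose SAVE_FILE TARGETS_FILE MODULE_DIR CHAIN TARGET
diagnose() {
    if ! has_chain "$1" "$4"; then
        echo "chain-missing"       # create it first: iptables -N CHAIN
    elif has_target "$2" "$5"; then
        echo "ok"                  # kernel side present; check userspace next
    elif has_module "$3" "$5"; then
        echo "module-not-loaded"   # built, but not registered with the kernel
    else
        echo "target-not-built"    # kernel lacks the target: patch and rebuild
    fi
}

# Live use (as root): sh check.sh live
if [ "${1:-}" = "live" ]; then
    save=$(mktemp) && iptables-save > "$save"
    diagnose "$save" /proc/net/ip_tables_targets \
        "/lib/modules/$(uname -r)" SSH_Brute_Force TARPIT
    rm -f "$save"
fi
```

A result of "ok" with the error still present points at the userspace side, which is what the USE="extensions" re-emerge of iptables covers.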