Shooting from the hip a bit here, but how about a fwmark?
# set mark for remapped traffic (mangle INPUT rather than mangle PREROUTING:
# INPUT is traversed after nat PREROUTING, so the conntrack DNAT state is
# already set on the first packet of the remapped flow)
iptables -t mangle -A INPUT -p tcp --dport 23 -m conntrack --ctstate DNAT -j MARK --set-mark <mark>
# apply tarpit if not remapped
iptables -A INPUT -p tcp --dport 23 -m mark ! --mark <mark> -j TARPIT

On 2024-11-10 21:49, Philip Prindeville wrote:
> Hi,
>
> I’m still using firewall3 (yeah, yeah, I know).
>
> I remap certain ports, and I TARPIT them on the well-known service port, but
> that’s also catching the remapped destination port.
>
> For instance, let’s say I run Telnet (I don’t, but we’ll use it as an
> example) from 2300 to 23. I want to TARPIT traffic arriving (unmapped) on
> 23, but traffic remapped from 2300 to 23 I don’t want to TARPIT.
>
> How do I differentiate these in the rules? I thought the MARK might give a
> hint but it doesn’t.
>
> Is there another attribute I can use?
>
> Thanks,
>
> -Philip
>
> _______________________________________________
> openwrt-devel mailing list
> [email protected]
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
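An added example, not from this thread, showing the complete rule set for the scenario in the question as a dry-runnable shell script: it assumes iptables with the xtables-addons TARPIT target, uses REDIRECT for the 2300 to 23 remap, and picks 0x17 as an arbitrary fwmark. The mark is set in mangle INPUT because mangle PREROUTING is traversed before nat PREROUTING, so on the first packet of a remapped connection (the SYN, which is what TARPIT acts on) the conntrack DNAT state is not yet set.

```shell
#!/bin/sh
# Added example (not the thread's own rules): public port 2300 is redirected to
# the local Telnet port 23; only connections arriving directly on 23 (not via
# the redirect) are tarpitted. IPT can be overridden (IPT=echo) to dry-run.
# Assumes iptables with the xtables-addons TARPIT target available.
set -eu
IPT=${IPT:-iptables}

# $1 = public port, $2 = real service port, $3 = fwmark for remapped flows
tarpit_rules() {
    pub=$1; svc=$2; mark=$3

    # 1. Redirect the public port onto the real service port (nat PREROUTING).
    $IPT -t nat -A PREROUTING -p tcp --dport "$pub" -j REDIRECT --to-ports "$svc"

    # 2. Tag remapped flows in mangle INPUT. mangle PREROUTING would run before
    #    nat PREROUTING, so the SYN of a remapped connection would not yet have
    #    the DNAT conntrack state and would be tarpitted anyway.
    $IPT -t mangle -A INPUT -p tcp --dport "$svc" \
        -m conntrack --ctstate DNAT -j MARK --set-mark "$mark"

    # 3. Tarpit only unmarked (i.e. not remapped) connections on the real port.
    $IPT -A INPUT -p tcp --dport "$svc" -m mark ! --mark "$mark" -j TARPIT

    # 4. Let the remapped (marked) connections through.
    $IPT -A INPUT -p tcp --dport "$svc" -m mark --mark "$mark" -j ACCEPT
}

# Count emitted rules that jump to the given target; used to sanity-check a
# dry run (IPT=echo) before applying the rules on the router.
count_target() {
    grep -c -- "-j $1" || true
}

if [ "${1:-}" = "dry-run" ]; then
    IPT=echo
    tarpit_rules 2300 23 0x17
fi
```

Run `sh script.sh dry-run` to print the four rules without touching the firewall, then pipe them through `count_target TARPIT` to confirm exactly one tarpit rule is emitted.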
