mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-07 21:25:12 +02:00
7a981b17b5
Populate the iptables-addons repository with two modules, xt_TARPIT and xt_TEE, as a starting point. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
17 lines
752 B
Plaintext
17 lines
752 B
Plaintext
config NETFILTER_XT_TARGET_TARPIT
|
|
tristate '"TARPIT" target support'
|
|
depends on NETFILTER_XTABLES
|
|
---help---
|
|
Adds a TARPIT target to iptables, which captures and holds incoming TCP
|
|
connections using no local per-connection resources. Connections are
|
|
accepted, but immediately switched to the persist state (0 byte
|
|
window), in which the remote side stops sending data and asks to
|
|
continue every 60-240 seconds. Attempts to close the connection are
|
|
ignored, forcing the remote side to time out the connection in 12-24
|
|
minutes.
|
|
|
|
This offers similar functionality to LaBrea
|
|
<http://www.hackbusters.net/LaBrea/>, but does not require dedicated
|
|
hardware or IPs. Any TCP port that you would normally DROP or REJECT
|
|
can instead become a tar pit.
|