thank you to all. I now have tarpits up and running smoothly.
On 3/8/06, Andrew Frink <[EMAIL PROTECTED]> wrote: > You could also just add the "extensions" USE flag to iptables and that > should give you tarpit support > > On 3/7/06, Dave Jones <[EMAIL PROTECTED]> wrote: > > > > Erik Westenbroek wrote on 03/07/06 04:18: > > > I am attempting create a tarpit to protect against SSH Brute force > > > attempts. I tried this: > > --snip-- > > > iptables -A SSH_Brute_Force -p tcp -j TARPIT > > > After I type the last command typed I got this error message: > > > iptables: No chain/target/match by that name > > > > > What am I doing wrong? > > > > Hi Erik > > > > The standard Gentoo-sources kernel does not include the TARPIT target. > > You need to pick up an updated kernel iptables source from > > netfilter.org, and install it as follows: > > > > I assume you have a subversion client already installed on your machine. > > > > cd /usr/src > > > > Pick up patch-o-matic-ng: > > > > svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng > > > > Pick up iptables source code: > > > > svn co https://svn.netfilter.org/netfilter/trunk/iptables > > > > Install kernel patches to iptables extra code > > > > cd patch-o-matic-ng > > ./runme extra > > > > Here you can select the targets/filters (e.g TARPIT) you want patching > > into the kernel iptables modules. > > > > After installing patches you must regenerate your kernel and modules to > > activate the patches, and then re-emerge iptables to pick up the kernel > > patches. > > > > make menuconfig > > make && make modules_install && make install > > > > Make sure that you have USE="extensions" in your /etc/make.conf before > > you emerge iptables, or it will ignore the new non-standard extensions. > > > > emerge iptables > > > > This worked for me. > > > > Cheers, Dave > > -- > > gentoo-user@gentoo.org mailing list > > > > > -- Erik http://erikstotle.homelinux.org/ -- gentoo-user@gentoo.org mailing list
