I have taken the Tarpit instructions below and made Tarpit the default action.  
To do this I changed the DROP_DEFAULT in shorewall.conf to Tarpit.

The Tarpit action doesn't handle UDP, ICMP, etc. as is.  I added another rule to 
handle them, i.e.:

cat /etc/shorewall/Tarpit

use Shorewall::Chains;
add_rule $chainref, "-p tcp -j TARPIT";
# DROP for all other protocols
add_rule $chainref, "-j DROP";

Seems to be working, has anyone else tried this?

This would make every host in the blacklist get tarpitted?  Or do I need to set 
BLACKLIST_DISPOSITION=Tarpit in shorewall.conf?

Thanks,

ds



Original tarpit instructions:

tarpitting a DDOS attack against a legitimate website takes the site
offline.

The TARPIT target is available in xtables-addons and it is easy to
construct an action to invoke it:

Assuming shorewall-perl....

/etc/shorewall/actions:

Tarpit

/etc/shorewall/action.Tarpit

<empty file>

/etc/shorewall/Tarpit:

use Shorewall::Chains;

add_rule $chainref, "-p tcp -j TARPIT";

/etc/shorewall/rules

Tarpit  net     ...     tcp     80      -       ...

