Dave Sparks wrote:
> I have taken the Tarpit instructions below and made Tarpit the
> default action. To do this I changed the DROP_DEFAULT in
> shorewall.conf to Tarpit.
>
> The Tarpit action doesn't handle UDP, ICMP, etc. as is. I added
> another rule to handle them, i.e.:
>
> cat /etc/shorewall/Tarpit
>
> use Shorewall::Chains;
> add_rule $chainref, "-p tcp -j TARPIT";
> # DROP for all other protocols
> add_rule $chainref, "-j DROP";
>
> Seems to be working, has anyone else tried this?
Hopefully not. Using this as a default action will tarpit any Auth
client who is trying to authenticate one of your users who just
connected. It also totally breaks logging of DROP policies.

> This would make every host in the blacklist get tarpitted?

No -- this will cause the Tarpit action to be invoked just before a
DROP policy is enforced on a connection request.

> Or do I need to set BLACKLIST_DISPOSITION=Tarpit in shorewall.conf?

You don't get to specify your own action in the BLACKLIST_DISPOSITION
option. The only legitimate use of your Tarpit action would be in
/etc/shorewall/rules.

-Tom
--
Tom Eastep            \ When I die, I want to go like my Grandfather who
Shoreline,             \ died peacefully in his sleep. Not screaming like
Washington, USA         \ all of the passengers in his car
http://shorewall.net     \________________________________________________
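The configuration that follows Tom's advice, as an added example that is not part of this thread or of Shorewall's own documentation: the user-defined Tarpit action is left out of DROP_DEFAULT and BLACKLIST_DISPOSITION entirely and is invoked only from /etc/shorewall/rules, with PROTO restricted to tcp so the TARPIT target (which only handles TCP) never sees UDP or ICMP and the ordinary DROP policy, with its logging, still applies to everything else. The net zone and port 25 are illustrative choices; the action must also be declared in /etc/shorewall/actions before rules can reference it.

```text
# /etc/shorewall/shorewall.conf -- leave the policy default actions alone
# (assumed: the shipped default; Tarpit is not a policy action)
DROP_DEFAULT=Drop

# /etc/shorewall/actions -- declare the user-defined action so rules can use it
#ACTION
Tarpit

# /etc/shorewall/Tarpit -- Perl action body. Only TCP reaches it (see rules),
# so no fallback DROP for other protocols is needed here.
use Shorewall::Chains;
add_rule $chainref, '-p tcp -j TARPIT';

# /etc/shorewall/rules -- invoke Tarpit explicitly, never as a default
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
# Illustrative: tarpit unsolicited SMTP connection attempts from the net zone.
# Auth/ident (tcp 113) and every other port are untouched and still fall
# through to the logged DROP policy.
Tarpit    net      $FW    tcp     25
```

Because Tarpit is applied only where the rule names it, an ident lookup triggered by one of your own outbound connections is not held open, and connections that do not match the rule are still dropped and logged by the policy as before.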
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users