[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: ipt_account / iptables 1.3.8
From:       Jozsef Kadlecsik <kadlec () blackhole ! kfki ! hu>
Date:       2007-06-28 11:29:29
Message-ID: Pine.LNX.4.64.0706281327000.28886 () blackhole ! kfki ! hu
[Download RAW message or body]

On Thu, 28 Jun 2007, Patrick McHardy wrote:

>> I'd like to see an IPv4/IPv6 compatible TARPIT module in the mainline
>> kernel. But please extend the target so that it could be used from the
>> raw table and let the reply packets skip conntrack. Thus we could
>> benefit from TARPIT even in a full blown conntrack/nat setup as well.
>> (If I recall correctly, that is not possible with the original version.)
>
> The easiest way to do this would probably be to optionally attach
> a notrack conntrack to new packets.

Yes, exactly.

> Looking at the version in SVN, it also needs:
[...]
> Shouldn't be much work, maybe I'll look into this after finishing
> my conntrack hash patches if no one beats me to it.

The amount of work you have been doing is simply amazing...

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
           H-1525 Budapest 114, POB. 49, Hungary

[prev in list] [next in list] [prev in thread] [next in thread]