Erik Westenbroek wrote on 03/07/06 04:18:
> I am attempting to create a tarpit to protect against SSH Brute force
> attempts. I tried this:
--snip--
> iptables -A SSH_Brute_Force -p tcp -j TARPIT
> After I typed the last command I got this error message:
> iptables: No chain/target/match by that name
> What am I doing wrong?

Hi Erik

The standard Gentoo-sources kernel does not include the TARPIT target. You need to pick up an updated kernel iptables source from netfilter.org, and install it as follows:

I assume you have a subversion client already installed on your machine.

    cd /usr/src

Pick up patch-o-matic-ng:

    svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng

Pick up iptables source code:

    svn co https://svn.netfilter.org/netfilter/trunk/iptables

Install kernel patches to iptables extra code

    cd patch-o-matic-ng
    ./runme extra

Here you can select the targets/filters (e.g. TARPIT) you want patching into the kernel iptables modules.

After installing patches you must regenerate your kernel and modules to activate the patches, and then re-emerge iptables to pick up the kernel patches.

    make menuconfig
    make && make modules_install && make install

Make sure that you have USE="extensions" in your /etc/make.conf before you emerge iptables, or it will ignore the new non-standard extensions.

    emerge iptables

This worked for me.

Cheers,
Dave
--
gentoo-user@gentoo.org mailing list
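
The reply above installs two separate pieces (a kernel-side TARPIT module via patch-o-matic-ng and a userspace iptables extension via the re-emerge) and depends on the `extensions` USE flag. The following script is an added example, not part of the original message, that reports which of the three is missing. The file names `ipt_TARPIT.ko` and `libipt_TARPIT.so`, the directory `/lib/iptables`, and a single-line `USE="..."` entry are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example: report which part of TARPIT support is present.
# Assumed names (not from the original post): ipt_TARPIT.ko,
# libipt_TARPIT.so, /lib/iptables, and a single-line USE="..." entry.

# has_file DIR PATTERN -> succeeds if a file matching PATTERN exists under DIR
has_file() {
    [ -d "$1" ] && [ -n "$(find "$1" -name "$2" -print 2>/dev/null | head -n 1)" ]
}

# use_flag_set MAKE_CONF FLAG -> succeeds if FLAG is enabled in USE="..."
# ("-FLAG" does not count; the last USE line in the file wins)
use_flag_set() {
    [ -r "$1" ] || return 1
    flags=$(sed -n 's/^[[:space:]]*USE="\([^"]*\)".*/\1/p' "$1" | tail -n 1)
    case " $flags " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# tarpit_status MODDIR LIBDIR MAKE_CONF
# prints: kernel=ok|missing userspace=ok|missing useflag=ok|missing
tarpit_status() {
    k=missing; u=missing; e=missing
    has_file "$1" 'ipt_TARPIT.ko*' && k=ok      # kernel module built after patching
    has_file "$2" 'libipt_TARPIT.so' && u=ok    # extension built by emerge iptables
    use_flag_set "$3" extensions && e=ok        # flag required before the emerge
    echo "kernel=$k userspace=$u useflag=$e"
}

# Stand-alone run against the live system (paths are assumptions).
if [ "${1:-}" = "--check" ]; then
    tarpit_status "/lib/modules/$(uname -r)" /lib/iptables /etc/make.conf
fi
```

Run it with `--check` after the kernel rebuild and the emerge; a `kernel=missing` result means the rebuilt kernel and modules were not installed or the TARPIT patch was not selected in `./runme extra`.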