On 10/6/2020 5:49 AM, Bruce Bannerman wrote: > Hello everyone, > > I’m getting an annoying number of smtp connection attempts from a specific IP > address that has been going on for weeks now (several per minute). > > I’m currently dropping these packets using a shorewall rule. > > I’m thinking of setting up a tarpit to try to discourage the unwanted smtp > attempts. > > Can someone point me to any appropriate documentation to do this? > > > I have seen the TARPIT sections in: > > The man page for rules [1] > Tom’s Network config [2] > > I also tried to search the mailing list archives at [3], but get an "Error > 523”, Origin is unreachable. > > > To date, I have added the following line in my rules file: > > "TARPIT net:<static IP> dmz:$E_SMTP > tcp smtp" > > When I run shorewall check, it gives me the following error: > > "ERROR: TARPIT requires TARPIT Target in your kernel and iptables > /etc/shorewall/rules (line 40)” > >
You at least need the xtables-addons (xtables-addons-dkms on Debian) to get the TARPIT Target. -- Matt Darfeuille <m...@shorewall.org> Community: https://sourceforge.net/p/shorewall/mailman/message/37107049/ SPC: https://sourceforge.net/p/shorewall/mailman/message/36596609/ Homepage: https://shorewall.org _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users