Thanks Tom (and Matt). I’ll just leave the Drop rule in place.
Bruce > On 8 Oct 2020, at 5:06 am, Tom Eastep <teas...@shorewall.net> wrote: > > On 10/5/20 8:49 PM, Bruce Bannerman wrote: >> Hello everyone, >> >> I’m getting an annoying number of smtp connection attempts from a >> specific IP address that has been going on for weeks now (several per >> minute). >> >> I’m currently dropping these packets using a shorewall rule. >> >> I’m thinking of setting up a tarpit to try to discourage the unwanted >> smtp attempts. >> >> Can someone point me to any appropriate documentation to do this? >> >> >> I have seen the TARPIT sections in: >> >> * The man page for rules [1] >> * Tom’s Network config [2] >> >> >> I also tried to search the mailing list archives at [3], but get an >> "Error 523”, Origin is unreachable. >> >> >> To date, I have added the following line in my rules file: >> >> "TARPIT net:<static IP> dmz:$E_SMTP >> tcp smtp" >> >> When I run shorewall check, it gives me the following error: >> >> "ERROR: TARPIT requires TARPIT Target in your kernel and iptables >> /etc/shorewall/rules (line 40)” >> >> >> >> My Shorewall version is 5.2.3.2 >> >> Debian Stable 10.6 >> > > TARPIT requires xtables-addons which is no longer available in Debian 10. > > -Tom > -- > Tom Eastep \ Q: What do you get when you cross a mobster > Shoreline, \ with an international standard? > Washington, USA \ A: Someone who makes you an offer you > http://shorewall.org \ can't understand > \________________________________________ > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
