-m recent --rdest or don't trust the man(page)
Looking for a way to block those 404 hoppers, I match the outgoing packets from sport 80 for the string 404. Now that I have those classified, I needed a way to block them when they come back. Normally I would use the recent module for this. But as it is an outgoing packet and recent normally uses the source IP, I would block myself from coming back in. The man page, however, has the --rdest option, which matches/saves on the destination IP. That would be cool, but I would need it to block on the incoming packet. A line in the state file goes like
Code:
src=ip_addrs ttl other glory
So it won't work, would it?
So I looked for other ways and came up with the ULOG target, nfqueue and all the other glorious parts of the TARGET section. But none of them were really easy to use or existed on the virtual machine I'm doing this on, and I could not get a new kernel or modules.
Tearing my hair out and getting ready to program myself a netlink socket C thingy, I hit the man page again and thought "What the hell. Let's try this --rdest and see how it comes up inside the state file". And I tell you what: it does not save it as dst=dst_ip as I predicted, but as src=dst_ip. Why don't they write such a thing in the man page? Why did I not just try it out? Why is it raining outside?
Anyway, now I have it set up right and block those hoppers with only iptables. And I'm enjoying the rest of the day watching movies.
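For readers who want to see the two-rule setup described above spelled out, here is an added example (my own script, not the rules from the original post). It assumes the web server answers on TCP port 80, uses a hypothetical recent list name "hoppers404", keeps a client blocked for 600 seconds after its last 404, and narrows the string match from the post's bare "404" to "HTTP/1.1 404" so that a 404 somewhere in a response body is less likely to trigger it. The OUTPUT rule records the packet's destination with --rdest, and because the recent module writes that address under src= in its state file, the plain --update check on INPUT (which compares against the packet's source) matches the returning client. The state file sample at the bottom is constructed to mirror the real /proc/net/xt_recent layout.

```shell
#!/bin/sh
# Added example: block HTTP clients that trigger 404 responses, using only
# the iptables string and recent modules. Not the original post's rules.
# Assumptions (hypothetical): list name "hoppers404", 600 s hold time,
# web server on TCP 80, kernel with xt_string and xt_recent available.

LIST=hoppers404
HOLD=600
IPT=${IPT:-iptables}

# Print the rules instead of applying them, so they can be reviewed first.
hopper_rules() {
    # 1. Every response leaving port 80 whose payload carries the 404 status
    #    line adds the *destination* (the client) to the list. With --rdest
    #    the recent module stores that address under src= in its state file.
    echo "$IPT -A OUTPUT -p tcp --sport 80 -m string --algo bm --string 'HTTP/1.1 404' -m recent --name $LIST --set --rdest"
    # 2. Incoming packets to port 80 are compared against the list by their
    #    source address, which is exactly what step 1 stored. --update also
    #    refreshes the timestamp, so a client that keeps retrying stays blocked.
    echo "$IPT -A INPUT -p tcp --dport 80 -m recent --name $LIST --update --seconds $HOLD -j DROP"
}

# Apply the rules for real (needs root and the two kernel modules).
apply_hopper_rules() {
    hopper_rules | while read -r cmd; do
        eval "$cmd"
    done
}

# Extract the blocked addresses from a recent state file. Every entry begins
# with src=<ip>, regardless of whether it was stored via --rdest or not.
blocked_addrs() {
    sed -n 's/^src=\([0-9.]*\) .*/\1/p' "$1"
}

# Constructed sample of /proc/net/xt_recent/hoppers404 (format from the
# kernel's xt_recent: src=<ip> ttl: <n> last_seen: <jiffies> oldest_pkt: <n> <stamps...>).
SAMPLE_STATE='src=203.0.113.7 ttl: 64 last_seen: 4296154 oldest_pkt: 1 4296154
src=198.51.100.23 ttl: 57 last_seen: 4296301 oldest_pkt: 2 4296290 4296301'

# Usage: ./hoppers.sh show    (print the rules)
#        ./hoppers.sh apply   (install them)
#        ./hoppers.sh list    (show who is currently in the live list)
case "${1:-}" in
    show)  hopper_rules ;;
    apply) apply_hopper_rules ;;
    list)  blocked_addrs "/proc/net/xt_recent/$LIST" ;;
esac
```

Two caveats worth keeping in mind: the string match only works on unencrypted HTTP and only when the status line sits inside a single packet, and the recent list holds a limited number of entries by default (the ip_list_tot module parameter), so a noisy scanner can push older addresses out of the list.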