LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Blogs > zhjim
User Name
Password

Notices

Rate this Entry

-m recent --rdest or don't trust the man(page)

Posted 10-07-2012 at 12:35 PM by zhjim
Updated 10-07-2012 at 12:37 PM by zhjim

Looking for a way to block those 404 hoppers I match the outgoing packages from sport 80 for the string 404. Now that I have those classified I needed a way to block them when they would return. Normaly i would use the recent module for this. But as its a outgoing packet and recent normally uses the source ip I would block myself to come back in. But the man pages has the --rdest option which matches/saves on the destination ip. That would be cool but I would need it to block on the incoming package. A line in the state file goes like
Code:
src=ip_addrs ttl other glory
So it won't work would it?

So I looked for other ways I came up with the ULOG target and nfqueue and all the other glories parts of the TARGET section. But non really where easy to use or did exists on the virtual machine I'm doing this on and I could not get a new kernel or modules.
Tearing my hairs out and getting ready to program myself a netlink socket c thingy I hit the man page again and thought "What the hell. Let's try this --rdest and see how it comes up inside the state file". And tell you what it does not save it as dst=dst_ip as I predicted but as src=dst_ip. Why don't they write such thing inside the man page? Why did I not just try it out? Why is it raining outside?
Anyways now I have it setup right and block those hoppers with only iptables. And as well enjoying the rest of the day watching movies.
Posted in Uncategorized
Views 501 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 11:10 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration