LinuxQuestions.org

Share your knowledge at the LQ Wiki.

		LinuxQuestions.org > Blogs > zhjim
-m recent --rdest or don't trust the man(page)

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

Are you new to LinuxQuestions.org? Visit the following links:
Site Howto | Site FAQ | Sitemap | Register Now

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.

Exclusive for LQ members, get up to 45% off per month. Click here for more info.

Rate this Entry

-m recent --rdest or don't trust the man(page)

Posted 10-07-2012 at 12:35 PM by zhjim
Updated 10-07-2012 at 12:37 PM by zhjim

Tags iptables, recent, try it

Looking for a way to block those 404 hoppers I match the outgoing packages from sport 80 for the string 404. Now that I have those classified I needed a way to block them when they would return. Normaly i would use the recent module for this. But as its a outgoing packet and recent normally uses the source ip I would block myself to come back in. But the man pages has the --rdest option which matches/saves on the destination ip. That would be cool but I would need it to block on the incoming package. A line in the state file goes like

Code:

src=ip_addrs ttl other glory

So it won't work would it?

So I looked for other ways I came up with the ULOG target and nfqueue and all the other glories parts of the TARGET section. But non really where easy to use or did exists on the virtual machine I'm doing this on and I could not get a new kernel or modules.
Tearing my hairs out and getting ready to program myself a netlink socket c thingy I hit the man page again and thought "What the hell. Let's try this --rdest and see how it comes up inside the state file". And tell you what it does not save it as dst=dst_ip as I predicted but as src=dst_ip. Why don't they write such thing inside the man page? Why did I not just try it out? Why is it raining outside?
Anyways now I have it setup right and block those hoppers with only iptables. And as well enjoying the rest of the day watching movies.

Posted in Uncategorized

Views 1096 Comments 0

« Prev Main Next »

Total Comments 0

Comments

zhjim is offline

Registered Oct 2004
Posts 1,748
Blog Entries 11

Find Blog Entries by zhjim

Containing Text: Search Titles Only

Advanced Search
Blog Categories
Local Categories
- Uncategorized
Recent Comments
- DHCP only for KVM host by zhjim
Recent Entries
Recent Visitors

All times are GMT -5. The time now is 02:01 PM.

Main Menu

Advertisement

Advertisement

My LQ

Write for LQ

LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.

Main Menu

Syndicate

Latest Threads

LQ News

Twitter: @linuxquestions

Open Source Consulting | Domain Registration