[NBLUG/talk] iptables mirror target

augie augie at schwer.us
Sat Sep 27 11:34:01 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

i found this while re-compiling the kernel. i thought it was pretty neat.

man iptables

MIRROR
This is an experimental demonstration target which inverts the source
and destination fields in the IP header and retransmits the packet. It
is only valid in the INPUT, FORWARD and PREROUTING chains, and
user-defined chains which are only called from those chains. Note that
the outgoing packets are NOT seen by any packet filtering chains,
connection tracking or NAT, to avoid loops and other problems.

i figure this might be a good way to fight those hack-attacks or 'code
red' or 'nimda'.

augie.


- --
irc.nblug.org #nblug
registered linux user #229905
gpg public key: http://www.schwer.us/schwer.asc
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/ddfty5knhCewwHIRAmuTAKCuoPmCtbOYN6U47ojzToNlhVsIygCfS+L3
xeGNDC4PnFZ/IJK8L43MttM=
=MtWE
-----END PGP SIGNATURE-----
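
The header rewrite that the quoted man page text describes, modelled in Python as an added example (not part of the original post and not the kernel's code). The helper names and the RFC 5737 documentation addresses are constructed for illustration. It shows that the mirrored packet is addressed to whatever source the incoming header claims, and that the header checksum is unchanged by the swap.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement of the one's-complement 16-bit sum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, ttl: int = 64, proto: int = 6) -> bytes:
    """Constructed 20-byte IPv4 header (no options) used as sample input."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def mirror(header: bytes) -> bytes:
    """Model of the man page description only: swap source and destination."""
    ihl = (header[0] & 0x0F) * 4
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    if ipv4_checksum(header[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("bad header checksum")
    src, dst = header[12:16], header[16:20]
    swapped = header[:10] + b"\x00\x00" + dst + src + header[20:ihl]
    # Swapping two address fields only reorders the summed words, so the
    # recomputed checksum equals the original one.
    return swapped[:10] + struct.pack("!H", ipv4_checksum(swapped)) + swapped[12:]

def addresses(header: bytes) -> tuple:
    """Return (source, destination) as dotted-quad strings."""
    return socket.inet_ntoa(header[12:16]), socket.inet_ntoa(header[16:20])

if __name__ == "__main__":
    # Constructed packet: the source field is only a claim made by the sender.
    incoming = build_header("192.0.2.10", "198.51.100.5")
    reflected = mirror(incoming)
    print("incoming :", addresses(incoming))
    print("reflected:", addresses(reflected))
    print("checksum unchanged:", incoming[10:12] == reflected[10:12])
```

Because the target's output bypasses the filtering chains, connection tracking and NAT, nothing on the mirroring host checks where that reflected packet is headed.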



