xt_TARPIT (was: ipt_account / iptables 1.3.8)
jengelh at computergmbh.de
Mon Jul 9 16:58:39 CEST 2007
On Jul 9 2007 16:15, Patrick McHardy wrote:
>>>No, I couldn't come up with a good way to remove the xrlim abuse yet.
If you ask me, just remove the xrlim call, and replace it by
some sort of 'last' timestamp, e.g.
    static int target()
    {
        if (!otcph->syn && otcph->ack)
            if (!(last + 5 <= now()))
                return; /* rate limit */
        last = now();
    }
As far as I can see, that xrlim call is there for at least one case:
tarpit sends ACKs with window=0, but client ignores the RFC-given delay for
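The 'last' timestamp idea sketched in the message, as an added userspace example that is not code from the post or from xt_TARPIT. The struct, the function names and the tick unit are hypothetical; it assumes the timestamp is refreshed on every reply sent and uses a wraparound-safe comparison in the style of the kernel's time_before().

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model; all names here are hypothetical. */
#define TARPIT_MIN_GAP 5u       /* minimum ticks between replies to pure ACKs */

struct tarpit_limiter {
    uint32_t last;              /* tick at which the last reply was sent */
    bool     primed;            /* false until a first reply has been sent */
};

/* True if tick a lies before tick b, even when the counter has wrapped. */
static bool tick_before(uint32_t a, uint32_t b)
{
    return (int32_t)(a - b) < 0;
}

/*
 * Returns true if a reply should be sent for this segment.
 * Only pure ACKs (ACK set, SYN clear) are rate limited; any reply that
 * is sent refreshes the timestamp.
 */
static bool tarpit_should_reply(struct tarpit_limiter *l, uint32_t now,
                                bool syn, bool ack)
{
    if (!syn && ack)
        if (l->primed && tick_before(now, l->last + TARPIT_MIN_GAP))
            return false;       /* rate limit */
    l->last = now;
    l->primed = true;
    return true;
}
```

The primed flag keeps the very first segment from being compared against an uninitialised timestamp.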