The iptables mirror target I published here and here does not work anymore with kernel version 2.6.35. You can download the newer version for 2.6.35 and probably future kernels here:

[download#39]

It should work with kernels since 2.6.31. To build the module, boot  the kernel you want to use the module with. Afterwards unpack the archive, run the compile.sh script and the install.sh script.

Now you may use the mirror target in place of the reject or drop target  in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may have strange results, i.e. if you want to connect to the iptables protected machine, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. Worst case: if you have two machines using this module they may end up playing pingpong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels.

[download#12] [download#13] [download#14] [download#32] [download#45]

regards
Jürgen

(1 votes, average: 5.00 out of 5)

Loading...

Posted in kernel, linux, security | 5 Comments »