# iptables TARPIT match

## thompsonmike

What do I need to do to enable the TARPIT match in IPTables?

I have version 1.2.11 of IPTables and I am running Kernel 2.4.28-gentoo-r5

When I try and add a tarpit rule, such as

```
iptables -A INPUT -p TCP --dport 80 -j TARPIT
```

I get back

```
iptables: No chain/target/match by that name
```

Any help appreciated.

----------

## benjones

Have you compiled the option in your kernel? IIRC, it comes as standard with gentoo-sources, but you have to patch vanilla kernels. In any case, you need to enable the option in your kernel config in Networking Options -> IP: Netfilter Configuration. Btw, it's not quite RFC compliant, despite being rather nifty. There's more detail here:

http://securityfocus.com/infocus/1723

----------

## thompsonmike

I have every option for IPTables in the Kernel, but I do not see one for TARPIT.

----------

## benjones

I only read that it was in one of the gentoo sources, which I don't run, unfortunately.  I don't know which kernel you're running, but you could either check the patchset of the different sources, or just apply the patch-o-matic from netfilter yourself.

----------

## thompsonmike

Never mind, according to bugzilla, it has been removed never to return.

Guess I will have to use POM. Now to work out how the hell to do it!

----------

