• Re: iptables trigger rules

    From Grant Taylor@21:1/5 to Mr. Man-wai Chang on Mon Apr 1 12:23:32 2024
    On 4/1/24 04:58, Mr. Man-wai Chang wrote:
    What are these rules trying to do?

    :trigger_out - [0:0]
    -A FORWARD -i vlan2 -o br0 -j TRIGGER--trigger-proto --trigger-match 0-0 --trigger-relate 0-0
    -A FORWARD -i br0 -j trigger_out

    I don't recognize -- what appears to be -- the TRIGGER iptables match
    extension.

    Try man iptables-extensions on your system and search for TRIGGER.

    You can also try the following to see if it gives any output:

    iptables -j TRIGGER -h



    --
    Grant. . . .

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Mr. Man-wai Chang on Thu Apr 4 21:41:26 2024
    On 4/3/24 23:52, Mr. Man-wai Chang wrote:
    Thanks!

    You're welcome.

    I have never used the TRIGGER function of iptables. I only know it's
    useful in port-knocking.

    I've implemented port knocking for my systems in pure kernel space using iptables recent match extension & target. No user space process required.

    I did similar about 20 years ago with tiered ban times for SSH brute
    force connection attempts. Again, pure kernel space.



    --
    Grant. . . .

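Below is an added example of the two things the reply describes, pure-kernel-space port knocking and tiered bans for SSH brute forcing, both built on the iptables `recent` match; it is not the poster's ruleset. The knock ports (1111, 2222, 3333), the list and chain names, and the timings are constructed for illustration, and loading the output needs root and the `xt_recent` module. The rules are emitted in `iptables-restore` syntax so they can be reviewed, diffed and loaded atomically rather than applied one `iptables` call at a time.

```shell
#!/bin/sh
# Added example (not the poster's rules): port knocking and tiered SSH bans done entirely
# in kernel space with the iptables "recent" match. Ports, names and timings are constructed.

KNOCK1=1111; KNOCK2=2222; KNOCK3=3333   # knock sequence, in this order
SERVICE=22                              # port the completed sequence opens
OPEN_WINDOW=30                          # seconds the port stays open after the last knock
STEP_WINDOW=10                          # seconds allowed between consecutive knocks

# Port knocking: one "recent" list per stage (K1, K2, K3). A knock counts only if the
# previous stage was seen within STEP_WINDOW; any other packet resets the sender's progress.
# Knock packets themselves are dropped, so the knock ports look closed to a scanner.
knock_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:KNOCK1 - [0:0]
:KNOCK2 - [0:0]
:KNOCK3 - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Sources that finished the sequence within OPEN_WINDOW may open the service
-A INPUT -p tcp --dport $SERVICE -m recent --rcheck --seconds $OPEN_WINDOW --name K3 --rsource -j ACCEPT
# Third knock is valid only if the second was seen recently; second only if the first was
-A INPUT -p tcp --dport $KNOCK3 -m recent --rcheck --seconds $STEP_WINDOW --name K2 --rsource -j KNOCK3
-A INPUT -p tcp --dport $KNOCK2 -m recent --rcheck --seconds $STEP_WINDOW --name K1 --rsource -j KNOCK2
-A INPUT -p tcp --dport $KNOCK1 -j KNOCK1
# Anything else from a source mid-sequence (wrong port or wrong order) clears its progress
-A INPUT -m recent --remove --name K1 --rsource
-A INPUT -m recent --remove --name K2 --rsource
-A KNOCK1 -m recent --set --name K1 --rsource -j DROP
-A KNOCK2 -m recent --remove --name K1 --rsource
-A KNOCK2 -m recent --set --name K2 --rsource -j DROP
-A KNOCK3 -m recent --remove --name K2 --rsource
-A KNOCK3 -m recent --set --name K3 --rsource -j DROP
COMMIT
EOF
}

# Tiered bans for SSH brute force: five new connections in 60 s earn a 600 s ban (tier 1);
# the third such ban within a day escalates to a 24 h ban that is extended by every further
# attempt (tier 2). No user-space daemon is involved; the kernel keeps all the state.
ssh_ban_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:SSH - [0:0]
:SSH_BAN - [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $SERVICE -m conntrack --ctstate NEW -j SSH
# Tier 2: three short bans in the last 86400 s -> drop; --update restamps on each attempt
-A SSH -m recent --name BAN2 --update --seconds 86400 --hitcount 3 --rsource -j DROP
# Tier 1: a source banned in the last 600 s stays dropped (its attempts are not re-counted)
-A SSH -m recent --name BAN1 --rcheck --seconds 600 --rsource -j DROP
# Record this attempt; on the fifth attempt within 60 s, hand the source to SSH_BAN
-A SSH -m recent --name SSH --set --rsource
-A SSH -m recent --name SSH --rcheck --seconds 60 --hitcount 5 --rsource -j SSH_BAN
-A SSH -j ACCEPT
# SSH_BAN runs once per trip: one stamp in BAN1 (short ban) and one in BAN2 (escalation count)
-A SSH_BAN -m recent --name BAN1 --set --rsource
-A SSH_BAN -m recent --name BAN2 --set --rsource -j DROP
COMMIT
EOF
}

# Number of rules (-A lines) a ruleset function emits; handy for a quick sanity check.
rule_count() {
    "$1" | grep -c '^-A '
}

case "${1:-}" in
    knock) knock_ruleset ;;
    ssh)   ssh_ban_ruleset ;;
esac
```

Usage: `sh knock.sh knock | iptables-restore --test` parses the ruleset without committing it, and dropping `--test` loads it; the same applies to the `ssh` variant. Both rulesets set the INPUT policy to DROP, so anything else the host must accept has to be added before loading. The `--rcheck` forms give fixed-length windows (the tier 1 ban runs 600 s from the moment it trips), while `--update` on the tier 2 rule restamps the entry on every attempt, so a source that keeps hammering keeps its 24 h ban alive; pick whichever behaviour you want by swapping those two flags.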