iptables mirror target for linux kernel 3.0.7

After my last kernel upgrade I recognized that the iptables mirror target I published here does not work anymore with kernel version 3.0. There were some changes in kernel code. Thus I had to modify the iptables mirror target again to make it work with current kernel versions. You can download the newer release for kernel version 3.0 and probably future kernels here:

[download#73] gplv3-127x51

The kernel module has been tested with kernel version 3.0.7. According to the kernel changelog it should work with kernels since 2.6.39. If you have tried the mirror module with other kernel versions  than 3.0.7, please leave a reply for others to know whether other versions work, or not.

To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the reject or drop target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:


Beware: The use of the mirror target may have strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module.  These machines may end up playing pingpong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.



1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)