iptables mirror target for linux kernel 4.10

After my last kernel upgrade I tried to build the iptables mirror target published the last time here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine. When I tried it with kernel version 4.12 , it did not build anymore with the current linux kernel. This time a struct changed in kernel 4.10 and some functions have got renamed in the kernel 4.11. Thus I had to update the ip_direct_send and ipt_mirror_target functions. You can download the newer release for kernel version 4.10 and probably future kernels here:

MIRROR.4.10.tar.gz (34) gplv3-127x51

The kernel module has been tested with kernel version 4.12.12-gentoo. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.13.tar.gz (2832)
MIRROR.2.6.24.tar.gz (3259)
MIRROR.2.6.25.tar.gz (2995)
MIRROR.2.6.28.tar.gz (3044)
MIRROR.2.6.31 (2856)
MIRROR.2.6.35.tar.gz (2791)
MIRROR.2.6.36.tar.gz (2876)
MIRROR.2.6.37.tar.gz (2645)
MIRROR.3.0.7.tar.gz (2348)
MIRROR.3.1.0.tar.gz (2037)
MIRROR.3.3.0.tar.gz (2065)
MIRROR.3.6.0.tar.gz (1761)
gplv3-127x51

regards
Jürgen

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

iptables mirror target for linux kernel 3.6

After my last kernel upgrade I tried to build the iptables mirror target published the last time here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine. When I tried it with kernel version 3.6 , it did not build anymore with the current linux kernel. This time some functions have got removed from the kernel. Thus I had to update the ip_direct_send function. You can download the newer release for kernel version 3.6 and probably future kernels here:

MIRROR.3.6.0.tar.gz (1761) gplv3-127x51

The kernel module has been tested with kernel version 3.7.0-vs2.3.5.1. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.13.tar.gz (2832)
MIRROR.2.6.24.tar.gz (3259)
MIRROR.2.6.25.tar.gz (2995)
MIRROR.2.6.28.tar.gz (3044)
MIRROR.2.6.31 (2856)
MIRROR.2.6.35.tar.gz (2791)
MIRROR.2.6.36.tar.gz (2876)
MIRROR.2.6.37.tar.gz (2645)
MIRROR.3.0.7.tar.gz (2348)
MIRROR.3.1.0.tar.gz (2037)
MIRROR.3.3.0.tar.gz (2065)
gplv3-127x51

regards
Jürgen

 

 

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

iptables mirror target for linux kernel 3.3

After my last kernel upgrade I tried to build the iptables mirror target published here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine. When I tried it with kernel version 3.3 , it did not build anymore with the current linux kernel. However, this time only a minor modification has been neccesary. Another header file had to be included and a function name has changed.  You can download the newer release for kernel version 3.3 and probably future kernels here:

MIRROR.3.3.0.tar.gz (2065) gplv3-127x51

The kernel module has been tested with kernel version linux-3.3-vserver-2.3.3.1. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.13.tar.gz (2832)
MIRROR.2.6.24.tar.gz (3259)
MIRROR.2.6.25.tar.gz (2995)
MIRROR.2.6.28.tar.gz (3044)
MIRROR.2.6.31 (2856)
MIRROR.2.6.35.tar.gz (2791)
MIRROR.2.6.36.tar.gz (2876)
MIRROR.2.6.37.tar.gz (2645)
MIRROR.3.0.7.tar.gz (2348)
MIRROR.3.1.0.tar.gz (2037)
gplv3-127x51

regards
Jürgen

 

 

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

zen-sources-3.2 with tuxonice

Starting with the 2.6.36 kernel, tuxonice has been removed from zen-sources. The latest official tuxonice patch, that is available at present, is for the linux kernel 3.0. In the meanwhile more recent patches, for kernel version 3.2.1 and 3.2.10, have appeared at crow202.org. So I patched the zen-stable-3.2 sources with the 3.2.1 tuxonice patch from there.

Suspend to RAM works with this kernel, at least on my Dell Precison M65 and my Desktop, as well as suspend to disk does. Furthermore I can confirm, that the 3.2.1 patch also works on the x86_64 architecture.

To get things to work, download the zen-stable-3.2 kernel tree from zen-kernel.org and extract it. Afterwards download the 3.2.1 tuxonice patch from crow202.org and apply it. After applying the patch you can continue with the standard kernel building process. As with zen-sources-3.1,  no additional patch is necessary for the zcache feature, the fix is already included in zen-stable-3.2. The zcache feature doubles RAM efficiency while providing a significant performance boosts on many workloads. The zcache feature is located under staging drivers in the kernel tree and depends on the cleancache feature, which is located under processor types and features. To enable the zcache feature, you have to pass the zcache keyword to your kernel, in example in your grub.conf.

Example: kernel /bzImage panic=60 root=/dev/hda3 zcache

For Gentoo users there is a more easy way: Download my modified overlay from zen-sources-3.2.tar.gz (918) and extract it in /usr/local/portage. The overlay contains all necessary patches. Be sure to include the following line in your /etc/make.conf:

PORTDIR_OVERLAY=”/usr/local/portage”

If you want to use tuxonice include tuxonice in your USE-flags. Then emerge zen-sources and build the kernel as you like.

Tuxonice is not officially supported in current zen-sources. So If you’re using the files above, don’t report any bugs to zen-sources.org. You are on your own.

For my Precision M65 I used the following kernel config: config_zen_3.2_dell_m65.zip (925)

For more information on the zen-sources patchset see www.zen-sources.org.

best regards

Jürgen

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

zen-sources-3.1 with tuxonice

Starting with the 2.6.36 kernel, tuxonice has been removed from zen-sources. The latest official tuxonice patch that is available is for the linux kernel 3.0.  However, I found a more recent patch at gmane.org. So I patched the zen-stable-3.1 sources with this tuxonice patch.

Suspend to RAM works with this kernel, at least on my Dell Precison M65 and my Desktop, as well as suspend to disk does.

To get things to work, download the zen-stable-3.1 kernel tree from zen-kernel.org and extract it. Afterwards download the tuxonice patch from gmane.org and apply it. After applying the patch you can continue with the standard kernel building process. This time no additional patch is necessary for the zcache feature, the fix is already included in zen-stable-3.1. The zcache feature doubles RAM efficiency while providing a significant performance boosts on many workloads. The zcache feature is located under staging drivers in the kernel tree and depends on the cleancache feature, which is located under processor types and features. To enable the zcache feature, you have to pass the zcache keyword to your kernel, in example in your grub.conf.

Example: kernel /bzImage panic=60 root=/dev/hda3 zcache

For Gentoo users there is a more easy way: Download my modified overlay from zen-sources-3.1.tar.gz (872) and extract it in /usr/local/portage. The overlay contains all necessary patches. Be sure to include the following line in your /etc/make.conf:

PORTDIR_OVERLAY=”/usr/local/portage”

If you want to use tuxonice include tuxonice in your USE-flags. Then emerge zen-sources and build the kernel as you wish.

Tuxonice is not officially supported in current zen-sources. So If you’re using the files above, don’t report any bugs to zen-sources.org. You are on your own.

For my Precision M65 I used the following kernel config:  config_zen_3.1_dell_m65.zip (895)

For more information on the zen-sources patchset see www.zen-sources.org.

best regards

Jürgen

 

 

 

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

iptables mirror target for linux kernel 3.1

After my last kernel upgrade I tried to build the iptables mirror target published here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine. Guess what happened when I tried it with kernel versions 3.1 and 3.2 , it did not build anymore with the current linux kernel. There were some changes in the  kernels network stack. So I had to modify the iptables mirror target again to make the module work with current kernel versions. You can download the newer release for kernel version 3.1 and probably future kernels here:

MIRROR.3.1.0.tar.gz (2037) gplv3-127x51

The kernel module has been tested with kernel version 3.2.1 and 3.1. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.13.tar.gz (2832)
MIRROR.2.6.24.tar.gz (3259)
MIRROR.2.6.25.tar.gz (2995)
MIRROR.2.6.28.tar.gz (3044)
MIRROR.2.6.31 (2856)
MIRROR.2.6.35.tar.gz (2791)
MIRROR.2.6.36.tar.gz (2876)
MIRROR.2.6.37.tar.gz (2645)
MIRROR.3.0.7.tar.gz (2348)
gplv3-127x51

regards
Jürgen

 

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

zen-sources-3.0 with tuxonice

Starting with the 2.6.36 kernel, tuxonice has been removed from zen-sources. The latest tuxonice patch that is available is for the linux kernel 3.0.  So I patched the zen-stable-3.0 sources with tuxonice. Hopefully a patch for more recent kernel versions will be available soon.

Suspend to RAM works with this kernel, at least on my Dell Precison M65 and my Desktop, as well as suspend to disk does.

To get things to work, download the zen-stable-3.0 kernel tree from zen-kernel.org and extract it. Afterwards download the tuxonice patch from tuxonice.net and apply it. For getting the zcache feature, to work you have to download and apply this patch: linux-3.0-zcache-fix.patch.bz2 (972) The zcache feature doubles RAM efficiency while providing a significant performance boosts on many workloads.  The patch has been extracted from vserver-sources-2.3.2.5 with working zcache feature.  After applying the patch  you can continue with the standard kernel building process. The zcache feature is located under staging drivers in the kernel tree and depends on the cleancache feature, which is located  under processor types and features. To enable the zcache feature, you have to pass the zcache keyword to your kernel, in example in your grub.conf.

Example: kernel /bzImage panic=60 root=/dev/hda3 zcache

For Gentoo users there is a more easy way: Download my modified overlay from zen-sources-3.0.tar.gz (823) and extract it in /usr/local/portage. Be sure to include the following line in your /etc/make.conf:

PORTDIR_OVERLAY=”/usr/local/portage”

If you want to use tuxonice include tuxonice in your USE-flags. Then emerge zen-sources and build the kernel as you wish.

Tuxonice is not officially supported in current zen-sources. So If you’re using the files above, don’t report any bugs to zen-sources.org. You are on your own.

For my Precision M65 I used the following kernel config: config_zen_3.0_dell_m65.zip (855)

For more information on the zen-sources patchset see www.zen-sources.org.

best regards

Jürgen

 

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...