iptables mirror target for linux kernel 5.4

After my last kernel upgrade I tried to build the iptables mirror target that I have published the last time here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine.

When I tried it with kernel version 5.4, it did not build anymore with the current linux kernel. This time there has been a API change in kernel 5.0. Thus I had to replace the call to skb_make_writable() with a call to skb_ensure_writable. Furthermore a call to dst_neigh_output() had to be replaced by a call to neigh_output(). Also a small Makefile change has been necessary. Starting with kernel 5.4 the outdated SUBDIRS=$(PWD) argument gets ignored and M=$(PWD) has to be supplied instead. You can download the newer release for kernel version 5.4 and probably future kernels here:

MIRROR.5.4.tar.gz (644 downloads )

The kernel module has been tested with kernel version 5.4.15-zen1. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel. Unfortunately the mirror target does not work with iptables version 1.6 and newer due to removal of the ipt_MIRROR extension (libipt_MIRROR.so). To use the MIRROR target one has to use iptables 1.4.21 or below.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:


Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.13.tar.gz (3776 downloads )
MIRROR.2.6.24.tar.gz (4465 downloads )
MIRROR.2.6.25.tar.gz (3985 downloads )
MIRROR.2.6.28.tar.gz (3952 downloads )
MIRROR.2.6.31 (3799 downloads )
MIRROR.2.6.35.tar.gz (3708 downloads )
MIRROR.2.6.36.tar.gz (3799 downloads )
MIRROR.2.6.37.tar.gz (3571 downloads )
MIRROR.3.0.7.tar.gz (3223 downloads )
MIRROR.3.1.0.tar.gz (2913 downloads )
MIRROR.3.3.0.tar.gz (2929 downloads )
MIRROR.3.6.0.tar.gz (2674 downloads )
MIRROR.4.10.tar.gz (1420 downloads )


1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)