iptables mirror target for linux kernel 5.4

After my last kernel upgrade I tried to build the iptables mirror target that I have published the last time here. The iptables mirror target takes the packet sent to your machine and returns the same packet to the machine the packet came from. Thus, let’s say someone tries to scan your machine or tries an attack he would scan his own machine or even attack his own machine.

When I tried it with kernel version 5.4, it did not build anymore with the current linux kernel. This time there has been a API change in kernel 5.0. Thus I had to replace the call to skb_make_writable() with a call to skb_ensure_writable. Furthermore a call to dst_neigh_output() had to be replaced by a call to neigh_output(). Also a small Makefile change has been necessary. Starting with kernel 5.4 the outdated SUBDIRS=$(PWD) argument gets ignored and M=$(PWD) has to be supplied instead. You can download the newer release for kernel version 5.4 and probably future kernels here:

MIRROR.5.4.tar.gz (167 downloads)

The kernel module has been tested with kernel version 5.4.15-zen1. To build the module, boot the kernel you want to use the module with. Afterwards unpack the archive and run the compile.sh script to build the module. Then run the install.sh script for installing the compiled module into the /lib/modules directory for your kernel.

Now you may use the mirror target in place of the REJECT or DROP target in the INPUT, FORWARD and PREROUTING chains, like this in your firewall script:

$IPTABLES -A INPUT -j MIRROR

Beware: The use of the mirror target may lead to strange results, in example if you want to connect to an iptables protected machine which uses the mirror target, you may end up connecting to the local machine without recognizing it. It also may use much bandwith. The worst case occurs if you have two machines using the module. These machines may end up playing ping pong. So you have been warned, use with caution and at your own risk. For more information see: MIRROR target.

Downloads for older kernel versions are below. Notice the version numbering 2.6.25 works for kernels up to 2.6.27. 2.6.28 also works for 2.6.29 and 2.6.30 kernels. The 2.6.13 version of the module should work up to kernel version 2.6.16.

MIRROR.2.6.13.tar.gz (3334 downloads)
MIRROR.2.6.24.tar.gz (3768 downloads)
MIRROR.2.6.25.tar.gz (3496 downloads)
MIRROR.2.6.28.tar.gz (3532 downloads)
MIRROR.2.6.31 (3367 downloads)
MIRROR.2.6.35.tar.gz (3291 downloads)
MIRROR.2.6.36.tar.gz (3377 downloads)
MIRROR.2.6.37.tar.gz (3127 downloads)
MIRROR.3.0.7.tar.gz (2811 downloads)
MIRROR.3.1.0.tar.gz (2503 downloads)
MIRROR.3.3.0.tar.gz (2514 downloads)
MIRROR.3.6.0.tar.gz (2261 downloads)
MIRROR.4.10.tar.gz (997 downloads)

regards
Jürgen

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...

siteinfo

Translator