• iptables trigger rules

    From Mr. Man-wai Chang@toylet.toylet@gmail.com to alt.os.linux.ubuntu on Mon Apr 1 17:58:57 2024
    From Newsgroup: alt.os.linux.ubuntu

    What are these rules trying to do?

    :trigger_out - [0:0]
    -A FORWARD -i vlan2 -o br0 -j TRIGGER --trigger-proto --trigger-match 0-0 --trigger-relate 0-0
    -A FORWARD -i br0 -j trigger_out
    --- Synchronet 3.20a-Linux NewsLink 1.114
  • From Grant Taylor@gtaylor@tnetconsulting.net to alt.os.linux.ubuntu on Mon Apr 1 12:23:32 2024

    On 4/1/24 04:58, Mr. Man-wai Chang wrote:
    What are these rules trying to do?

    :trigger_out - [0:0]
    -A FORWARD -i vlan2 -o br0 -j TRIGGER --trigger-proto --trigger-match 0-0 --trigger-relate 0-0
    -A FORWARD -i br0 -j trigger_out

    I don't recognize -- what appears to be -- the TRIGGER iptables match extension.

    Try man iptables-extensions on your system and search for TRIGGER.

    You can also try the following to see if it gives any output:

    iptables -j TRIGGER -h
    --
    Grant. . . .
  • From Mr. Man-wai Chang@toylet.toylet@gmail.com to alt.os.linux.ubuntu on Thu Apr 4 12:52:25 2024

    On 2/4/2024 1:23 am, Grant Taylor wrote:

    You can also try the following to see if it gives any output:

    iptables -j TRIGGER -h


    Thanks! I have never used the TRIGGER function of iptables. I only know
    it's useful in port-knocking.
  • From Grant Taylor@gtaylor@tnetconsulting.net to alt.os.linux.ubuntu on Thu Apr 4 21:41:26 2024

    On 4/3/24 23:52, Mr. Man-wai Chang wrote:
    Thanks!

    You're welcome.

    I have never used the TRIGGER function of iptables. I only know it's
    useful in port-knocking.

    I've implemented port knocking for my systems in pure kernel space using iptables recent match extension & target. No user space process required.

    I did similar about 20 years ago with tiered ban times for SSH brute
    force connection attempts. Again, pure kernel space.
    --
    Grant. . . .
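    Grant's post above describes two things done entirely in kernel space with the iptables recent match: a port-knock gate and tiered ban times for SSH brute force. The script below is an added example for both, not Grant's configuration and not anything posted in the thread. It emits an iptables-restore ruleset for whichever variant is requested. The knock ports 7000/8000/9000, the list names AUTH1..AUTH3, SSH, BAN1, BAN2, the chain names, and every timing and threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not Grant's configuration: emits iptables-restore rulesets
# built solely on the xt_recent match (no user-space daemon involved).
#   sh recent-rules.sh knock      3-port TCP knock sequence gating SSH
#   sh recent-rules.sh sshguard   tiered bans for SSH brute force
# Ports, list/chain names, timings and thresholds are illustrative assumptions.
set -e

KNOCK1=${KNOCK1:-7000}; KNOCK2=${KNOCK2:-8000}; KNOCK3=${KNOCK3:-9000}
SSH_PORT=${SSH_PORT:-22}

# Table header: default-deny INPUT, the user chains given as arguments, then
# loopback and reply traffic. Only flow-opening (ctstate NEW) packets ever
# reach the recent logic, so the per-source lists stay small.
header() {
    printf '*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    for c in "$@"; do printf ':%s - [0:0]\n' "$c"; done
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
}

# Port knocking: recent keeps one kernel list per stage, keyed on source IP
# (its default --rsource). A correct knock advances the source one stage; any
# other new TCP packet sends it back to stage one. Every knock is dropped, so
# a prober learns nothing from the replies.
knock_ruleset() {
    header KNOCKING GATE1 GATE2 GATE3 PASSED
    cat <<EOF
-A INPUT -p tcp -m conntrack --ctstate NEW -j KNOCKING
# Dispatch on how far this source has got, highest stage first.
-A KNOCKING -m recent --name AUTH3 --rcheck --seconds 30 -j PASSED
-A KNOCKING -m recent --name AUTH2 --rcheck --seconds 10 -j GATE3
-A KNOCKING -m recent --name AUTH1 --rcheck --seconds 10 -j GATE2
-A KNOCKING -j GATE1
# Stage 1: only the first knock means anything; everything else is dropped.
-A GATE1 -p tcp --dport $KNOCK1 -m recent --name AUTH1 --set -j DROP
-A GATE1 -j DROP
# Stages 2 and 3: clear the previous stage, advance on the right port, otherwise restart.
-A GATE2 -m recent --name AUTH1 --remove
-A GATE2 -p tcp --dport $KNOCK2 -m recent --name AUTH2 --set -j DROP
-A GATE2 -j GATE1
-A GATE3 -m recent --name AUTH2 --remove
-A GATE3 -p tcp --dport $KNOCK3 -m recent --name AUTH3 --set -j DROP
-A GATE3 -j GATE1
# Sequence complete: the token is consumed by this one packet, so a full knock
# buys exactly one SSH connection attempt within 30 s.
-A PASSED -m recent --name AUTH3 --remove
-A PASSED -p tcp --dport $SSH_PORT -j ACCEPT
-A PASSED -j GATE1
COMMIT
EOF
}

# Tiered SSH bans. --hitcount counts the stamps already recorded for the
# source, so a rule with --hitcount N fires on the packet after N recorded
# ones. --update refreshes the timestamp, so retrying while banned extends
# the ban. --hitcount may not exceed the xt_recent ip_pkt_list_tot module
# parameter (default 20).
sshguard_ruleset() {
    header SSH_GUARD SSH_BAN1 SSH_BAN2
    cat <<EOF
-A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j SSH_GUARD
# Tier 2: 24 h ban, extended on every retry.
-A SSH_GUARD -m recent --name BAN2 --update --seconds 86400 -j DROP
# Tier 1: 10 min ban; the third retry while banned escalates to tier 2.
-A SSH_GUARD -m recent --name BAN1 --update --seconds 600 --hitcount 3 -j SSH_BAN2
-A SSH_GUARD -m recent --name BAN1 --update --seconds 600 -j DROP
# Rate limit: with four NEW connections already recorded within 60 s, the next one earns a tier-1 ban.
-A SSH_GUARD -m recent --name SSH --update --seconds 60 --hitcount 4 -j SSH_BAN1
-A SSH_GUARD -m recent --name SSH --set -j ACCEPT
-A SSH_BAN1 -m recent --name BAN1 --set -j DROP
-A SSH_BAN2 -m recent --name BAN2 --set -j DROP
COMMIT
EOF
}

# Dispatch only when invoked with an argument, so the functions can also be sourced.
if [ $# -gt 0 ]; then
    case "$1" in
        knock) knock_ruleset ;;
        sshguard) sshguard_ruleset ;;
        *) echo "usage: $0 knock|sshguard" >&2; exit 2 ;;
    esac
fi
```

    `sh recent-rules.sh knock | iptables-restore --test` validates the output without loading it; without `--test` it replaces the whole filter table, so merge it with the rules already on the box first. Knock with something that sends a single SYN per port and does not retransmit (for example a raw SYN scan with retries disabled, one port at a time, in order); a retransmitted SYN to an earlier port is just another wrong knock and restarts the sequence. Two caveats: because recent keys on the source address, everyone behind the same NAT shares knock state and bans, and because the knock sequence is visible to anyone on the path it reduces exposure but is not authentication. The live contents of each list can be read from /proc/net/xt_recent/NAME.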