Tag Archives: Karmic Koala

IPtables Tarpit Support in Karmic

Edit: If you’re using Ubuntu 10.04 or higher this is no longer needed. The xtables-addons in the repositories compiles just fine.

IPtables has a nifty feature called Tarpit. In terms of IPtables a tarpit

“captures and holds incoming TCP connections using no local per-connection resources. Connections are accepted, but immediately switched to the persist state (0 byte window), in which the remote side stops sending data and asks to continue every 60-240 seconds. Attempts to close the connection are ignored, forcing the remote side to time out the connection in 12-24 minutes.” source

This basically means that it will be impossible for the person initiating the connection to close it until it times out, wasting their resources. 😈 Great for those pesky spammers that won’t leave your server alone. However, this feature is not considered stable so it is not included in the standard version of IPtables and therefore, Ubuntu does not have this functionality. However, Karmic offers a simple way to install it.

Karmic has a package in the repos called “netfilter-extensions-source” which contains the source to the Tarpit module as well as some other additions to IPtables, however according to upstream this package is deprecated. It’s also broken. So the package we need to use is called “xtables-addons-source”. However that’s also broken in Karmic. Fun fun. 🙄 So we’ll need to steal the version from Lucid.

wget http://archive.ubuntu.com/ubuntu/pool/universe/x/xtables-addons/xtables-addons-source_1.21-1_all.deb
wget http://archive.ubuntu.com/ubuntu/pool/universe/x/xtables-addons/xtables-addons-common_1.21-1_i386.deb
# For 64bit:
wget http://archive.ubuntu.com/ubuntu/pool/universe/x/xtables-addons/xtables-addons-common_1.21-1_amd64.deb

Now install them. If you’re doing this on a server I recommend using the command line version of gdebi since it will help with dependencies. We’ll also need Quilt so that it can apply some patches when it gets compiled.

sudo apt-get install gdebi-core quilt
sudo gdebi xtables-addons-source_1.21-1_all.deb
sudo gdebi xtables-addons-common_1.21-1_i386.deb
# 64bit:
sudo gdebi xtables-addons-common_1.21-1_amd64.deb

Now just run the following command to compile and install it

sudo module-assistant --verbose --text-mode auto-install xtables-addons

Say yes to any additional packages it wants to install and then it will automatically compile it, package it into a deb and install it.

Now you can create some rules using the Tarpit module.

sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT

This will create a tarpit on port 80. Heads up if you’re actually running something on that port as it will become inaccessible.

Or perhaps you want to target a specific IP

sudo iptables -A INPUT -s x.x.x.x -p tcp -j TARPIT

Where x.x.x.x is the IP address.

These are only a couple of basic examples. There are a lot more things you can do with IPtables and Tarpitting which are beyond the scope of this post, but a quick Googling will reveal a lot of good info on IPtables. For a basic intro to IPtables I recommend reading this.

Update: If you get a kernel update that bumps the ABI (e.g. 2.6.31-15-generic to 2.6.31-16-generic) then you will have to rebuild the xtables package after rebooting into the new kernel. To do this just rerun the module-assistant command

sudo module-assistant --verbose --text-mode auto-install xtables-addons

Actually I’ve found out this is better since you can recompile it before rebooting thus eliminating any period of time without a firewall.

sudo module-assistant --verbose --text-mode -l <kernel-version> auto-install xtables-addons

Replace <kernel-version> with the new kernel such as “2.6.31-17-generic”
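To spot a kernel that would boot without the Tarpit module (and so fail to load any TARPIT rules), here is a small check that lists installed kernels with no built xt_TARPIT module and prints the rebuild command for each. This is an added example, not part of the original post; the MODROOT variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find installed kernels that have no xt_TARPIT module built.
# MODROOT is a hypothetical override so the check can be pointed at a test
# tree; it defaults to /lib/modules.

# has_tarpit MODROOT KVER
# Succeeds if an xt_TARPIT module file exists anywhere under MODROOT/KVER.
# The whole tree is searched, so no install sub-directory is assumed.
has_tarpit() {
    found=$(find "$1/$2" -type f -name 'xt_TARPIT.ko*' 2>/dev/null | head -n 1)
    [ -n "$found" ]
}

# kernels_missing_tarpit MODROOT
# Prints one kernel version per line for every kernel lacking the module.
kernels_missing_tarpit() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        kver=$(basename "$dir")
        has_tarpit "$1" "$kver" || printf '%s\n' "$kver"
    done
}

# rebuild_hint MODROOT
# Prints the module-assistant command from this post for each gap found.
rebuild_hint() {
    kernels_missing_tarpit "$1" | while read -r kver; do
        printf 'sudo module-assistant --verbose --text-mode -l %s auto-install xtables-addons\n' "$kver"
    done
}

# Run against the real module tree when executed directly.
rebuild_hint "${MODROOT:-/lib/modules}"
```

Run it after a kernel update and before rebooting; no output means every installed kernel already has the module.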

Iomega Prestige HDD and Karmic

Just a little heads up. If you have an Iomega Prestige USB hard drive and you use suspend a lot and you are planning to upgrade to Ubuntu 9.10 or already have, there’s an annoying bug that makes the drive go into an unresponsive state until power cycled. The symptoms include

  • Takes a long time to actually suspend, waiting at a blank screen
  • Drive doesn’t automatically power off like it should when it detects the computer has been suspended
  • Drive is no longer visible to the system after resuming, even after unplugging it and plugging it back in
  • Must be power cycled before it functions properly again

 

Here’s the bug report

Update: HP LaserJet p1505 on Ubuntu

I am happy to announce that the HP LaserJet p1505 printer works out of the box on Ubuntu 9.10. 😀 No more hacking around that was required for Ubuntu 9.04. If you followed my other post to compile the drivers and you are going to upgrade to Karmic it would be best to uninstall the compiled version of foo2zjs. Hopefully you’ve kept the source directory around. If so all you need to do is “cd” into the directory and run

sudo make uninstall

Then you can upgrade and then reinstall the Ubuntu foo2zjs package

sudo apt-get install foo2zjs

When you plug the printer in system-config-printer may prompt you if you want to install a plugin for the printer. Accept and follow the instructions. Afterwards you will probably need to open hp-toolbox and click the “download firmware” button in the main window. Afterwards the printer should be working. That said, after I upgraded and plugged in the printer it “just worked” and I didn’t have to do any of that stuff. As much as I was disappointed that this printer didn’t work in Jaunty, I am equally happy that it is working perfectly in Karmic. 😀