What are the killing rules

Ask for help, look for common problems and read Frequently Asked Questions!
Post Reply
User avatar
ponury
Posts: 1199
Joined: Fri Sep 23, 2011 11:19 pm
Location: Poland
Contact:

What are the killing rules

Post by ponury » Sat Oct 01, 2011 12:06 pm

There are 4 options to kill the connections coming through the phone:
1) Don't use iptables
- this will only put 0 in the /proc/sys/net/ipv4/ip_forward, which will drop each packet from the client point of view the browser will try to load the page indefinitely like having a 1kbps internet connection each connection will just time out.
this is the best way if your device don't have iptables!

2) Use iptables + DROP policy
- this has similar effect to the previous but the packets are dropped in the iptables

3) Use iptables + REJECT target
- this will reject packets sending either RST packets for each tcp connection or icmp-port-unreach for udp connections, from client POV this will kill all connections pages will just look like they are temporarily down, browser won't load long it will instantly go off, REJECT target support is needed in order for this to work

4) Use iptables + redirect to 127.0.0.1:1
- this should have similar effect to the 3rd option but if your device don't have reject target, all tcp connections are redirected to your device and port 1 which is mostly unused and this also will send RST for each connection


tschudde
Posts: 1
Joined: Fri Oct 28, 2011 4:04 am

Re: What are the killing rules

Post by tschudde » Fri Oct 28, 2011 4:07 am

Is it possible to redirect them to a website or just push something to there screen with the [Use iptables + redirect to 127.0.0.1:1] option? is that even possible?

User avatar
ponury
Posts: 1199
Joined: Fri Sep 23, 2011 11:19 pm
Location: Poland
Contact:

Re: What are the killing rules

Post by ponury » Fri Oct 28, 2011 7:23 pm

tschudde wrote:Is it possible to redirect them to a website or just push something to there screen with the [Use iptables + redirect to 127.0.0.1:1] option? is that even possible?
I will add redirection to a specific IP and port, but please note that this won't change the Host header in request. So only host which are "default" on webservers will work.

hlladxxt_g
Posts: 13
Joined: Sat Oct 15, 2011 1:48 am

Re: What are the killing rules

Post by hlladxxt_g » Thu Nov 03, 2011 3:28 pm

ponury wrote:
tschudde wrote:Is it possible to redirect them to a website or just push something to there screen with the [Use iptables + redirect to 127.0.0.1:1] option? is that even possible?
I will add redirection to a specific IP and port, but please note that this won't change the Host header in request. So only host which are "default" on webservers will work.
Looking forward to it :)

Post Reply