Discussion:
iptables trigger rules
Mr. Man-wai Chang
2024-04-01 09:58:57 UTC
What are these rules trying to do?

:trigger_out - [0:0]
-A FORWARD -i vlan2 -o br0 -j TRIGGER --trigger-proto --trigger-match 0-0 --trigger-relate 0-0
-A FORWARD -i br0 -j trigger_out
Grant Taylor
2024-04-01 17:23:32 UTC
Post by Mr. Man-wai Chang
What are these rules trying to do?
:trigger_out - [0:0]
-A FORWARD -i vlan2 -o br0 -j TRIGGER --trigger-proto --trigger-match 0-0 --trigger-relate 0-0
-A FORWARD -i br0 -j trigger_out
I don't recognize -- what appears to be -- the TRIGGER iptables match
extension.

Try man iptables-extensions on your system and search for TRIGGER.

You can also try the following to see if it gives any output:

iptables -j TRIGGER -h
--
Grant. . . .
Mr. Man-wai Chang
2024-04-04 04:52:25 UTC
Post by Grant Taylor
iptables -j TRIGGER -h
Thanks! I have never used the TRIGGER function of iptables. I only know
it's useful in port-knocking.
Grant Taylor
2024-04-05 02:41:26 UTC
Post by Mr. Man-wai Chang
Thanks!
You're welcome.
Post by Mr. Man-wai Chang
I have never used the TRIGGER function of iptables. I only know it's
useful in port-knocking.
I've implemented port knocking for my systems in pure kernel space using
iptables recent match extension & target. No user space process required.

I did similar about 20 years ago with tiered ban times for SSH brute
force connection attempts. Again, pure kernel space.
--
Grant. . . .
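An added example of what Grant describes in the post above, that is, port knocking and tiered SSH brute-force bans done entirely in kernel space with the iptables "recent" match and no user-space daemon. These are not Grant's rules; the interface name (eth0), the knock ports (7000, 8000, 9000), the protected ports and the time windows are constructed placeholders chosen for the illustration.

```shell
#!/bin/sh
# Added example for this thread: port knocking and tiered SSH brute-force
# bans done entirely in kernel space with the iptables "recent" match, the
# approach Grant describes. These are not his rules; interface name, knock
# ports, time windows and ban lengths below are constructed placeholders.
# IPT defaults to printing the commands, so the script can be reviewed
# without root; run it with IPT=iptables to load the rules for real.

IPT="${IPT:-echo iptables}"

# Three-stage knock guarding TCP $port on $wan. Each stage records the
# source in its own recent list only if the previous list still holds it,
# and any out-of-sequence packet drops the source back to stage one.
knock_rules() {
    wan="$1" port="$2" k1="$3" k2="$4" k3="$5"
    $IPT -N KNOCKING
    $IPT -N GATE1
    $IPT -N GATE2
    $IPT -N GATE3
    $IPT -N PASSED

    # GATE1: the first knock starts a sequence; everything else is dropped
    $IPT -A GATE1 -p tcp --dport "$k1" -m recent --name AUTH1 --set -j DROP
    $IPT -A GATE1 -j DROP

    # GATE2/GATE3: clear the previous stage, record this one, and restart
    # the sequence for any packet that is not the expected knock
    $IPT -A GATE2 -m recent --name AUTH1 --remove
    $IPT -A GATE2 -p tcp --dport "$k2" -m recent --name AUTH2 --set -j DROP
    $IPT -A GATE2 -j GATE1
    $IPT -A GATE3 -m recent --name AUTH2 --remove
    $IPT -A GATE3 -p tcp --dport "$k3" -m recent --name AUTH3 --set -j DROP
    $IPT -A GATE3 -j GATE1

    # PASSED: full sequence seen; admit one new connection to the service
    # (the ESTABLISHED rule on INPUT carries the rest of that session)
    $IPT -A PASSED -m recent --name AUTH3 --remove
    $IPT -A PASSED -p tcp --dport "$port" -j ACCEPT
    $IPT -A PASSED -j GATE1

    # Dispatcher: check the most advanced state first. Each knock must
    # follow the previous one within 10 s; the door then stays open 30 s.
    $IPT -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH3 -j PASSED
    $IPT -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH2 -j GATE3
    $IPT -A KNOCKING -m recent --rcheck --seconds 10 --name AUTH1 -j GATE2
    $IPT -A KNOCKING -j GATE1

    $IPT -A INPUT -i "$wan" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$wan" -p tcp -m conntrack --ctstate NEW -j KNOCKING
}

# Tiered bans for an exposed SSH port: the 4th new connection within 60 s
# earns a 10 min ban; a source that trips the limit again within 24 h of a
# recorded offence gets an hour instead. --update refreshes a ban's timer
# on every dropped attempt, so hammering a banned port prolongs the ban.
ssh_ban_rules() {
    wan="$1" port="${2:-22}"
    $IPT -N SSH_GUARD
    $IPT -N SSH_LIMIT
    $IPT -N SSH_BAN2
    $IPT -A SSH_GUARD -m recent --name SSH_BAN_LONG --update --seconds 3600 -j DROP
    $IPT -A SSH_GUARD -m recent --name SSH_BAN_SHORT --update --seconds 600 -j DROP
    $IPT -A SSH_GUARD -m recent --name SSH_NEW --set
    $IPT -A SSH_GUARD -m recent --name SSH_NEW --rcheck --seconds 60 --hitcount 4 -j SSH_LIMIT
    $IPT -A SSH_GUARD -j ACCEPT
    # SSH_LIMIT: pick the tier from the offence history of the source;
    # a repeat within 24 h goes to SSH_BAN2, a first offence is recorded
    $IPT -A SSH_LIMIT -m recent --name SSH_OFFENCE --rcheck --seconds 86400 -j SSH_BAN2
    $IPT -A SSH_LIMIT -m recent --name SSH_OFFENCE --set
    $IPT -A SSH_LIMIT -m recent --name SSH_BAN_SHORT --set -j DROP
    $IPT -A SSH_BAN2 -m recent --name SSH_BAN_LONG --set -j DROP
    $IPT -A INPUT -i "$wan" -p tcp --dport "$port" -m conntrack --ctstate NEW -j SSH_GUARD
}

# Stand-alone run: print (or, with IPT=iptables, load) both rule sets.
# Port 2222 is a constructed second SSH port so the two sets do not overlap.
knock_rules eth0 22 7000 8000 9000
ssh_ban_rules eth0 2222
```

The two functions are independent: the knock set hides a port completely, the ban set rate-limits a port you leave exposed. If both are loaded for the same port the SSH_GUARD jump has to come before the KNOCKING jump on INPUT, otherwise the knock chains drop the traffic before the ban logic ever sees it. The current contents of each list can be inspected at /proc/net/xt_recent/<name>, which is also where a banned address can be cleared by hand.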