Me he propuesto aportar un post por cada solucion válida pa' mis problemas q obtenga; asi q ahi vamos.
El patch o matic son modulos para añadir funciones al iptables. Una vez que tengas configurado el iptables (a partir de ahora $ipt=iptables), le podemos añadir funciones con los modulos de:
http://www.netfilter.org/projects/patch-o-matic/pom-external.html#pom-external-TARPIT
A mi en especial me han gustado la opcion tarpit y horarios pa las reglas del ipt.
Tarpit sustituye a las reglas q le pongamos de politica drop, y en vez de tirar los packets deja abierta la conexion pero en un estado inválido
Citar
Adds a TARPIT target to iptables, which captures and holds incoming TCP
connections using no local per-connection resources. Connections are
accepted, but immediately switched to the persist state (0 byte window), in
which the remote side stops sending data and asks to continue every 60-240
seconds. Attempts to close the connection are ignored, forcing the remote
side to time out the connection in 12-24 minutes.
This offers similar functionality to LaBrea
<http://www.hackbusters.net/LaBrea/> but doesn't require dedicated hardware
or IPs. Any TCP port that you would normally DROP or REJECT can instead
become a tarpit.
connections using no local per-connection resources. Connections are
accepted, but immediately switched to the persist state (0 byte window), in
which the remote side stops sending data and asks to continue every 60-240
seconds. Attempts to close the connection are ignored, forcing the remote
side to time out the connection in 12-24 minutes.
This offers similar functionality to LaBrea
<http://www.hackbusters.net/LaBrea/> but doesn't require dedicated hardware
or IPs. Any TCP port that you would normally DROP or REJECT can instead
become a tarpit.
http://www.lowth.com/howto/iptables-treasures.php
http://www.howforge.com/how-to-install-patch-o-matic-in-ubuntu
http://www.linuxjournal.com/node/7180/print