Firewall Wizards mailing list archives
Re: Dynamic execution of a script on arrival of a packet
From: Sigurd Urdahl <sigurdur () linpro no>
Date: 31 Oct 2002 17:48:07 +0100
Alex Ongena <Alex.Ongena () able be> writes:
> Hi, I'm using Linux 2.4.19 and iptables. I'm looking to make a thing like:
> - by default, everything is denied in the Firewall.
> - on arrival of a packet, a 'script' (ex. perl) is called that evaluates some packet details (like Source IP, Protocol, Port, date and time of arrival, etc..) and can decide to 'add an iptable rule on the fly' to accept this and future packets.

You probably want to look at the QUEUE target in iptables, described as:

  QUEUE is a special target, which queues the packet for userspace processing.

Search for "Special Built-In targets" in [1].

> The advantage of this script could be that 'acceptance' criteria can be determined more flexibly (for example, checking a database with the relation IP <-> User at a certain moment in time)

Depending on what you are going to use this for, maybe it would be better to have some kind of logon-enabling instead? Either a web-form to fill in or maybe with PAM. You might want to take a look at the Authentication Gateway HOWTO [2].

> PS: I'm new to this list, does there exist a searchable archive?

Follow the link below :)

> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
regards,
-sig

[1] http://www.netfilter.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-7.html
[2] http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/index.html

-- 
Sigurd Urdahl sigurdur () linpro no
Systemkonsulent | Systems consultant
www.linpro.no
LIN PRO can improve the health of people who consume the eggs, meat and milk [..] (http://www.werneragra.com/linpro.html)
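As an added example (not from the original thread or from the netfilter project): the default-deny decision a userspace program reading from the QUEUE target could apply to each raw IPv4 packet, using the criteria named in the question (source IP, protocol, port, time of arrival, an IP-to-user table). The table contents, function names and sample packets are constructed for illustration, and attaching to the kernel queue is assumed to be handled by a separate queue library.

```python
import ipaddress
import struct
from datetime import datetime

# Constructed table: source IP -> (user, first allowed hour, end hour, exclusive)
LEASES = {"192.0.2.10": ("alice", 8, 18)}
# Constructed allow-list of (IP protocol number, destination port)
ALLOWED = {(6, 22), (6, 443), (17, 53)}

def parse_ipv4(pkt: bytes):
    """Return (src, proto, dport) from a raw IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    dport = None
    # Ports exist only in the first fragment of a TCP (6) or UDP (17) packet.
    if proto in (6, 17) and frag_off == 0 and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return src, proto, dport

def verdict(pkt: bytes, now: datetime) -> str:
    """Default deny: ACCEPT only when every check passes."""
    parsed = parse_ipv4(pkt)
    if parsed is None:
        return "DROP"
    src, proto, dport = parsed
    lease = LEASES.get(src)
    if lease is None or (proto, dport) not in ALLOWED:
        return "DROP"
    _user, start, end = lease
    return "ACCEPT" if start <= now.hour < end else "DROP"

def build_packet(src: str, proto: int, dport: int, frag_off: int = 0) -> bytes:
    """Constructed test packet: 20-byte IPv4 header plus 8 bytes of L4 data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, frag_off, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address("198.51.100.1").packed)
    return hdr + struct.pack("!HHI", 40000, dport, 0)

if __name__ == "__main__":
    noon = datetime(2002, 10, 31, 12, 0)
    print(verdict(build_packet("192.0.2.10", 6, 22), noon))
    print(verdict(build_packet("192.0.2.99", 6, 22), noon))
```

Malformed packets, non-first fragments and anything without a matching table entry all fall through to DROP, so a parsing failure never widens the policy.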
Current thread:
- Dynamic execution of a script on arrival of a packet Alex Ongena (Oct 30)
- Re: Dynamic execution of a script on arrival of a packet Sigurd Urdahl (Oct 31)