[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-wizards
Subject: Re: [fw-wiz] Dynamic execution of a script on arrival of a packet
From: Sigurd Urdahl <sigurdur () linpro ! no>
Date: 2002-10-31 16:48:07
[Download RAW message or body]
Alex Ongena <Alex.Ongena@able.be> writes:
> Hi,
>
> I'am using Linux 2.4.19 and iptables.
> I'am looking to make a thing like:
> - by default, everything is denied in the Firewall.
> - on arrival of a packet, a 'script' (ex. perl) is
> called that evaluates some packet details (like
> Source IP, Protocol, Port, date and time of
> arrival, etc..) and can decides to 'add an
> iptable rule on the fly' to accept this and
> future packets.
You probably want to look at the QUEUE target in iptables, described
as:
QUEUE is a special target, which queues the packet for
userspace processing.
search for "Special Built-In targets" in [1].
> The advantage of this script could be that 'acceptance'
> criteria can be determined more flexible
> (for example, checking a database with the relation
> IP <-> User at a certain moment in time)
Depending on what you are going to use this for, maybe it would be
better to either have some kind of logon-enabling instead? Either a
web-form to fill in or maybe with PAM. You might want to take a look
at the Authentication Gateway HOWTO [2].
> PS: I'am new to this list, does there exist a searchable
> archive ?
Follow the link below:)
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
regards,
-sig
[1] http://www.netfilter.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-7.html
[2] http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/index.html
--
Sigurd Urdahl sigurdur@linpro.no
Systemkonsulent | Systems consultant www.linpro.no
LIN PRO can improve the health of people who consume the eggs,
meat and milk [..] (http://www.werneragra.com/linpro.html)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic