[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewall-wizards
Subject:    Re: [fw-wiz] Dynamic execution of a script on arrival of a packet
From:       Sigurd Urdahl <sigurdur () linpro ! no>
Date:       2002-10-31 16:48:07
[Download RAW message or body]

Alex Ongena <Alex.Ongena@able.be> writes:

> Hi,
> 
> I'am using Linux 2.4.19 and iptables.
> I'am looking to make a thing like:
> - by default, everything is denied in the Firewall.
> - on arrival of a packet, a 'script' (ex. perl) is
> called that evaluates some packet details (like
> Source IP, Protocol, Port, date and time of
> arrival, etc..) and can decides to 'add an
> iptable rule on the fly' to accept this and
> future packets.


You probably want to look at the QUEUE target in iptables, described
as:

        QUEUE is a special target, which queues the packet for
        userspace processing.

search for "Special Built-In targets" in [1].

> The advantage of this script could be that 'acceptance'
> criteria can be determined more flexible
> (for example, checking a database with the relation
> IP <-> User at a certain moment in time)

Depending on what you are going to use this for, maybe it would be
better to either have some kind of logon-enabling instead? Either a
web-form to fill in or maybe with PAM. You might want to take a look
at the Authentication Gateway HOWTO [2].

> PS: I'am new to this list, does there exist a searchable
> archive ?

Follow the link below:)

> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


regards,

-sig

[1] http://www.netfilter.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-7.html


[2] http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/index.html

-- 
Sigurd Urdahl                               sigurdur@linpro.no
Systemkonsulent | Systems consultant             www.linpro.no
LIN PRO can improve the health of people who consume the eggs,
meat and milk [..] (http://www.werneragra.com/linpro.html)
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic