Firewall Wizards mailing list archives

Re: Dynamic execution of a script on arrival of a packet


From: Sigurd Urdahl <sigurdur () linpro no>
Date: 31 Oct 2002 17:48:07 +0100

Alex Ongena <Alex.Ongena () able be> writes:

Hi,

I'm using Linux 2.4.19 and iptables.
I'm looking to make a thing like:
- by default, everything is denied in the Firewall.
- on arrival of a packet, a 'script' (ex. perl) is
  called that evaluates some packet details (like
  Source IP, Protocol, Port, date and time of
  arrival, etc..) and can decide to 'add an
  iptable rule on the fly' to accept this and
  future packets.


You probably want to look at the QUEUE target in iptables, described
as:

        QUEUE is a special target, which queues the packet for
        userspace processing.

Search for "Special Built-In targets" in [1].

The advantage of this script could be that 'acceptance'
criteria can be determined more flexibly
(for example, checking a database with the relation
IP <-> User at a certain moment in time)

Depending on what you are going to use this for, maybe it would be
better to either have some kind of logon-enabling instead? Either a
web-form to fill in or maybe with PAM. You might want to take a look
at the Authentication Gateway HOWTO [2].

PS: I'm new to this list, does there exist a searchable
archive ?

Follow the link below:)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


regards,

-sig

[1] http://www.netfilter.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-7.html

[2] http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/index.html

-- 
Sigurd Urdahl                               sigurdur () linpro no
Systemkonsulent | Systems consultant             www.linpro.no
LIN PRO can improve the health of people who consume the eggs,
meat and milk [..] (http://www.werneragra.com/linpro.html)