[fw-wiz] Dynamic execution of a script on arrival of a packet

From: Alex Ongena (Alex.Ongena@able.be)
Date: 10/30/02

• Next message: Mikael Olsson: "Re: [fw-wiz] Danger of telnet on w2k (Was: re: Annoying pop-ups)"
• Previous message: Mikael Olsson: "Re: [fw-wiz] Windows networking specifics (Was: re: Annoying pop-ups)"
• Next in thread: Sigurd Urdahl: "Re: [fw-wiz] Dynamic execution of a script on arrival of a packet"
• Reply: Sigurd Urdahl: "Re: [fw-wiz] Dynamic execution of a script on arrival of a packet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Alex Ongena <Alex.Ongena@able.be>
To: firewall <firewall-wizards@honor.icsalabs.com>
Date: Wed Oct 30 10:22:21 2002

Hi,

I'am using Linux 2.4.19 and iptables.
I'am looking to make a thing like:
- by default, everything is denied in the Firewall.
- on arrival of a packet, a 'script' (ex. perl) is
  called that evaluates some packet details (like
  Source IP, Protocol, Port, date and time of
  arrival, etc..) and can decides to 'add an
  iptable rule on the fly' to accept this and
  future packets.
- another script can be runned by cron to remove
  iptable entries when applicable.

The advantage of this script could be that 'acceptance'
criteria can be determined more flexible
(for example, checking a database with the relation
IP <-> User at a certain moment in time)

I know that one has to prevent for DoD with Packet
Flooding, but that can be handled with the iptables
--limit extension.

Thanks for any help
alex
PS: I'am new to this list, does there exist a searchable
archive ?

• Next message: Mikael Olsson: "Re: [fw-wiz] Danger of telnet on w2k (Was: re: Annoying pop-ups)"
• Previous message: Mikael Olsson: "Re: [fw-wiz] Windows networking specifics (Was: re: Annoying pop-ups)"
• Next in thread: Sigurd Urdahl: "Re: [fw-wiz] Dynamic execution of a script on arrival of a packet"
• Reply: Sigurd Urdahl: "Re: [fw-wiz] Dynamic execution of a script on arrival of a packet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Max iptables rules? ... Here is my understanding of how Iptables processes firewall rules, ... Lets say the above is our firewall with 1000 rules in it. ... The packet will be compared to the list. ... On the 3rd rule, iptables will find a match and will allow the packet, ... (comp.security.firewalls) Re: Max iptables rules? ... Here is my understanding of how Iptables processes firewall rules, ... Lets say the above is our firewall with 1000 rules in it. ... The packet will be compared to the list. ... On the 3rd rule, iptables will find a match and will allow the packet, ... (comp.security.firewalls) Re: Max iptables rules? ... Here is my understanding of how Iptables processes firewall rules, ... Lets say the above is our firewall with 1000 rules in it. ... The packet will be compared to the list. ... On the 3rd rule, iptables will find a match and will allow the packet, ... (comp.security.firewalls) Re: securing Ubuntu and firewall ... implement a firewall, it's a packet filter. ... The one place where it might seem iptables would be ... (Ubuntu) Re: Potential crafted packets vulnerability in firewalls ... Does iptables need some additional rules to ... In other words, a packet with ... SYN,RST flags set, and ACK flag clear, will be interpreted by firewall as ... Many use Linux as a firewall to ... (comp.os.linux.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint