Re: [fw-wiz] Dynamic execution of a script on arrival of a packet
From: Sigurd Urdahl (sigurdur@linpro.no)
Date: 10/31/02
- Next message: Scott, Richard: "RE: [fw-wiz] Annoying pop-ups"
- Previous message: Vladimir Parkhaev: "Re: [fw-wiz] wanted: Cisco PIX Management Tool"
- In reply to: Alex Ongena: "[fw-wiz] Dynamic execution of a script on arrival of a packet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall <firewall-wizards@honor.icsalabs.com> From: Sigurd Urdahl <sigurdur@linpro.no> Date: Thu Oct 31 12:00:02 2002
Alex Ongena <Alex.Ongena@able.be> writes:
> Hi,
>
> I'am using Linux 2.4.19 and iptables.
> I'am looking to make a thing like:
> - by default, everything is denied in the Firewall.
> - on arrival of a packet, a 'script' (ex. perl) is
> called that evaluates some packet details (like
> Source IP, Protocol, Port, date and time of
> arrival, etc..) and can decides to 'add an
> iptable rule on the fly' to accept this and
> future packets.
You probably want to look at the QUEUE target in iptables, described
as:
QUEUE is a special target, which queues the packet for
userspace processing.
search for "Special Built-In targets" in [1].
> The advantage of this script could be that 'acceptance'
> criteria can be determined more flexible
> (for example, checking a database with the relation
> IP <-> User at a certain moment in time)
Depending on what you are going to use this for, maybe it would be
better to either have some kind of logon-enabling instead? Either a
web-form to fill in or maybe with PAM. You might want to take a look
at the Authentication Gateway HOWTO [2].
> PS: I'am new to this list, does there exist a searchable
> archive ?
Follow the link below:)
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
regards,
-sig
[2] http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/index.html
-- Sigurd Urdahl sigurdur@linpro.no Systemkonsulent | Systems consultant www.linpro.no LIN PRO can improve the health of people who consume the eggs, meat and milk [..] (http://www.werneragra.com/linpro.html)
- Next message: Scott, Richard: "RE: [fw-wiz] Annoying pop-ups"
- Previous message: Vladimir Parkhaev: "Re: [fw-wiz] wanted: Cisco PIX Management Tool"
- In reply to: Alex Ongena: "[fw-wiz] Dynamic execution of a script on arrival of a packet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
