Re: [fw-wiz] Dynamic execution of a script on arrival of a packet

From: Sigurd Urdahl (sigurdur@linpro.no)
Date: 10/31/02


To: firewall <firewall-wizards@honor.icsalabs.com>
From: Sigurd Urdahl <sigurdur@linpro.no>
Date: Thu Oct 31 12:00:02 2002

Alex Ongena <Alex.Ongena@able.be> writes:

> Hi,
>
> I'm using Linux 2.4.19 and iptables.
> I'm looking to make a thing like:
> - by default, everything is denied in the Firewall.
> - on arrival of a packet, a 'script' (ex. perl) is
> called that evaluates some packet details (like
> Source IP, Protocol, Port, date and time of
> arrival, etc..) and can decide to 'add an
> iptables rule on the fly' to accept this and
> future packets.

You probably want to look at the QUEUE target in iptables, described
as:

        QUEUE is a special target, which queues the packet for
        userspace processing.

search for "Special Built-In targets" in [1].

> The advantage of this script could be that 'acceptance'
> criteria can be determined more flexibly
> (for example, checking a database with the relation
> IP <-> User at a certain moment in time)

Depending on what you are going to use this for, maybe it would be
better to have some kind of logon-enabling instead? Either a
web form to fill in or maybe with PAM. You might want to take a look
at the Authentication Gateway HOWTO [2].

> PS: I'm new to this list, does there exist a searchable
> archive ?

Follow the link below:)

> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

regards,

-sig

[1] http://www.netfilter.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-7.html

[2] http://linux-rep.fnal.gov/howtos/Authentication-Gateway-HOWTO/index.html

-- 
Sigurd Urdahl                               sigurdur@linpro.no
Systemkonsulent | Systems consultant             www.linpro.no
LIN PRO can improve the health of people who consume the eggs,
meat and milk [..] (http://www.werneragra.com/linpro.html)
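The decision logic the original poster describes, sketched as an added example (not code from the list post or from netfilter). It assumes the kernel side is `iptables -P INPUT DROP` followed by `iptables -A INPUT -p tcp --syn -j QUEUE` (on 2.6.14 and later kernels the target is `NFQUEUE`), and that queued packets reach this code through libipq (2.4) or nfnetlink_queue (2.6+); that delivery path is an assumption and is not implemented here, only the part that inspects the packet, consults a constructed IP-to-user lease table and produces the iptables rule to insert. One caveat a practitioner wants before deploying this: with QUEUE, packets that the userspace process is not around to verdict are dropped, so the reader must be running before traffic is expected, and rules inserted from a single packet should carry an expiry, since the IP-to-user relation is only valid at a moment in time.

```python
"""Policy core for a QUEUE/NFQUEUE userspace filter (added example).

Assumed kernel side (not run here):
    iptables -P INPUT DROP
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --syn -j QUEUE   # NFQUEUE --queue-num 0 on 2.6.14+
The libipq/nfnetlink_queue binding that hands packets to decide() is assumed.
"""
import ipaddress
import struct
from datetime import datetime, timedelta

# Constructed sample "database" of which user holds which address and until when.
# A real deployment would query DHCP, RADIUS or a captive-portal backend.
LEASES = {
    "10.0.0.5": {"user": "alice", "valid_until": datetime(2002, 10, 31, 18, 0)},
    "10.0.0.9": {"user": "bob",   "valid_until": datetime(2002, 10, 31, 11, 0)},
}
# TCP ports a mapped user may open; anything else stays under the DROP policy.
ALLOWED_TCP_PORTS = {22, 80, 443}
# Rules inserted on the fly are deleted again after this long (assumed value).
RULE_LIFETIME = timedelta(minutes=30)
# Fixed "arrival time" used by main() and the self-test.
SAMPLE_NOW = datetime(2002, 10, 31, 12, 0)


def parse_ipv4_l4(pkt: bytes):
    """Return (src_ip, proto, dst_port) from a raw IPv4 packet.

    Only the fields the policy needs are decoded; dst_port is None unless
    the payload is TCP (6) or UDP (17) with at least the port fields present.
    """
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _len, _id, _frag, _ttl, proto, _csum, src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    dst_port = None
    if proto in (6, 17) and len(pkt) >= ihl + 4:
        _sport, dst_port = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return str(ipaddress.IPv4Address(src)), proto, dst_port


def decide(pkt: bytes, now: datetime, leases=LEASES):
    """Verdict for one queued packet: ("accept", info) or ("drop", reason).

    info["rule"] is the iptables argv that lets future packets of this
    source/port pair bypass the queue; info["expires"] is when the caller
    should remove it again with the same arguments and -D instead of -I.
    """
    src, proto, dport = parse_ipv4_l4(pkt)
    lease = leases.get(src)
    if lease is None:
        return "drop", f"{src}: no user mapped"
    if now > lease["valid_until"]:
        return "drop", f"{src}: lease for {lease['user']} expired"
    if proto != 6 or dport not in ALLOWED_TCP_PORTS:
        return "drop", f"{src}: proto {proto} port {dport} not permitted"
    rule = ["iptables", "-I", "INPUT", "-s", src, "-p", "tcp",
            "--dport", str(dport), "-j", "ACCEPT"]
    # Never let a dynamic rule outlive the lease that justified it.
    expires = min(now + RULE_LIFETIME, lease["valid_until"])
    return "accept", {"rule": rule, "expires": expires, "user": lease["user"]}


def build_packet(src: str, proto: int, dport: int) -> bytes:
    """Constructed test packet: minimal IPv4 header plus the two L4 port fields."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address("10.0.0.1").packed)
    return hdr + struct.pack("!HH", 40000, dport)


if __name__ == "__main__":
    samples = [("10.0.0.5", 6, 22), ("10.0.0.5", 6, 23),
               ("10.0.0.9", 6, 80), ("10.0.0.7", 6, 443), ("10.0.0.5", 17, 53)]
    for src, proto, dport in samples:
        verdict, info = decide(build_packet(src, proto, dport), SAMPLE_NOW)
        print(verdict, info if verdict == "drop" else " ".join(info["rule"]))
```

The rule is inserted with `-I` rather than `-A` so it lands ahead of the QUEUE rule; the caller is expected to store `expires` and issue the matching `-D` later, otherwise the "at a certain moment in time" check only ever runs on the first packet.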

