Two questions/proposals for the netfilter core developers
Thu, 25 Oct 2001 12:14:54 -0700 (PDT)
--- s I n <sin@Aniela.EU.ORG> wrote:
> > > I have two questions for the netfilter core developers and for the others
> > > that know how netfilter works:
> > >
> > > 1) Is someone working (or has the intention) to make match target that can
> > > act like a dynamic firewall, that can be used like this:
> > >
> > > ~# iptables -A INPUT -p TCP -m string --string "hello" -j DYNAMIC --action
> > > DROP
> > >
> > > and the effect to such a command to be the insertion of a new rule that
> > > will drop all the traffic comming from the host that sent the string
> > > "hello" to the host receiving it ?
> > No. netfilter, and kernel-space in general, is NOT the place to be
> > doing this. If you are looking for CodeRed/Nimda/CGI stuff, get a web proxy
> > like Squid, which IIRC comes with support for the SO_ORIGINAL_DST setsockopt.
> The string match option was just an example. The ideea was to match
> something (like a portscan) and than dinamically drop new connections
> from the host that made the portscan, and so avoid another portscans or
> an attack from that host. This kind of new target would be usefull if you
> have a machine and don't have time to check the logs for clues about
> portscans and then to find the ip from where the portscan came and then to
> add a rule to the iptables that drops connections from that ip.
Oh. IIRC, hogwash does that.
Unfortunately the URL is missing from my brain right now, so you'll
have to do a search (Google).
> I hope now I made my self understood.
> Patrascu Eugeniu.
Permanent e-mail: email@example.com
Current e-mail: firstname.lastname@example.org
Alternate e-mail: email@example.com
Do You Yahoo!?
Make a great connection at Yahoo! Personals.