Two questions/proposals for the netfilter core developers

Nigel Kukard nkukard@lbsd.net
Fri, 26 Oct 2001 00:02:59 +0000 (UTC)


--- s I n <sin@Aniela.EU.ORG> wrote:
> Hi,
> 
> 
> I have two questions for the netfilter core developers and for the others
> that know how netfilter works:
> 
> 1) Is someone working (or has the intention) to make match target that can
> act like a dynamic firewall, that can be used like this:
> 
> ~# iptables -A INPUT -p TCP -m string --string "hello" -j DYNAMIC --action
>    DROP
> 
> and the effect to such a command to be the insertion of a new rule that
> will drop all the traffic comming from the host that sent the string
> "hello" to the host receiving it ?
> 

actually yes, i'm working on such a thing... basically using the idea from
ULOG, matching packets & sending them to a central database server... every
evening all the clients download these new updates and block possibly
dangerous hosts. say for instance a host makes requests on an unused ip
(we use these to detect things like nimba), if more than 2 ip's out of our
multiple class C's gets hit an entry is made into the database for 7 day
"ban", if more than 5 hosts get hit, the server tries to get the admin
contact of the ip owner & sends off an email with detailed logs.

> 
> 2) Is someone working (or has the intention) to make a module for
> netfilter that cand do per host/service accounting without influencing the
> behaviour of a firewall ?
> 

i've written an iptables parser, which i'm currently (as i write this),
rewriting... it takes match rules out a config file and builds simple
tables which are then parsed by a perl script & inserted into a postgres
database. from there, a cgi script is used which pulls values out of
the database creating either reports or graphs, this is attatched to the
  ESTABLISHED,RELATED   match, so it doesn't affect the actual firewall
as we accept packets there anyway.

> 

the first software package i described above is still in testing & no
public release is available as yet. the second of which is basically
the same story, but if u like i could send u a copy of the scripts
and u could try figure them out.

> 
> Regards,
> 
> 	Patrascu Eugeniu



================================================================================

Contact Details
---------------
Name: Nigel Kukard
GSM Mobile: (+27) 082 564 2120
GSM Fax: (+27) 082 131 564 2120
Email: nkukard@linuxrulz.za.net

Organizations
-------------
 - LinuxRulz
     Url: http://www.linuxrulz.za.net
     Position: Owner
 - Linux Based Systems Design
     Url: http://www.lbsd.net
     Position: Systems Designer, Programmer
 - Lando Technologies
     Url: http://www.lando.co.za
     Position: Linux Systems/Network Administrator