Privileged host, trigger script via netfilter?

Mircea Neacsu mircea@videotron.ca
Sun, 7 Oct 2001 22:40:37 -0400


> What I want is to allow my host to send a ping or similar to the firewall
> with the result of setting a special rule to route all unknown (i.e. failed
> connection tracking) traffic to that host.

What about sending a mail message to a (nonexistent) user and having procmail
run a script on the received message.

Alternatively, if you are using xinetd, you could connect to a port and have
xinetd start the script. I haven't tried that, but I think it could work.

Mircea

----- Original Message -----
From: "John Nilsson" <pzycrow@hotmail.com>
To: <netfilter@lists.samba.org>
Sent: Sunday, October 07, 2001 4:38 PM
Subject: Privileged host, trigger script via netfilter?


> I wonder, what is the best way to have netfilter change some settings after
> a specific packet is traversing the chains.
>
> What I want is to allow my host to send a ping or similar to the firewall
> with the result of setting a special rule to route all unknown (i.e. failed
> connection tracking) traffic to that host.
>
> A special packet (ping?) comes from 192.168.0.3
>
> triggers sh /etc/init.d/firewall 192.168.0.3
> this script has these lines (among others):
> # flush before deleting user chains (-X fails on non-empty chains);
> # -F alone only touches the filter table, so flush nat separately
> iptables -F
> iptables -X
> iptables -Z
> iptables -t nat -F
> [ ".$1" != "." ] && iptables -A FORWARD -d $1 -j ACCEPT
> # PREROUTING/DNAT live in the nat table
> [ ".$1" != "." ] && iptables -t nat -A PREROUTING -d $IPFW -j DNAT --to $1
>
> Question 1: Will the script do the intended?
> Question 2: What is the best way to trigger this script from the INPUT
> chain?
> Note that security is not a big issue. My main interest is NAT.
>
> /John Nilsson
>
> P.S. Please CC me, for some reason I cannot read the digests. D.S.
>
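Worked example of the xinetd approach suggested above, added here as illustration; it is not code from either poster. Netfilter itself cannot exec a program when a packet matches, so the "special packet" becomes a TCP connection from the privileged host to a port that xinetd serves with this script. xinetd puts the peer address in REMOTE_HOST, and the script installs the rules for that host. The service name fwtrigger, port 9999, the firewall address 203.0.113.1 and the path /usr/local/sbin/fwtrigger are assumptions, not values from the thread. Two things the original script would need in any case are shown: the DNAT rule belongs in the nat table (-t nat), and the flush must re-add the INPUT rule that lets the next trigger connection through, otherwise the host can trigger only once.

```shell
#!/bin/sh
# Added example (not from the original mail thread): xinetd trigger script.
# Assumed /etc/xinetd.d/fwtrigger stanza (all values are assumptions):
#   service fwtrigger
#   {
#       type        = UNLISTED
#       port        = 9999
#       socket_type = stream
#       protocol    = tcp
#       wait        = no
#       user        = root
#       only_from   = 192.168.0.3
#       server      = /usr/local/sbin/fwtrigger
#   }

IPT="${IPT:-iptables}"            # set IPT=echo to dry-run (prints the commands)
IPFW="${IPFW:-203.0.113.1}"       # assumed external address of the firewall
TRIGGER_PORT="${TRIGGER_PORT:-9999}"

# Accept only a plain dotted quad: REMOTE_HOST is peer-influenced input that
# ends up on an iptables command line, so reject anything else outright.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|""|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Install the rule set for the privileged host $1. Order matters: flush
# before deleting user chains (-X fails on non-empty chains), and flush the
# nat table too, since "iptables -F" only touches the filter table.
apply_rules() {
    host="$1"
    $IPT -F
    $IPT -X
    $IPT -Z
    $IPT -t nat -F
    # The flush removed the rule that lets the trigger connection in;
    # re-add it so the privileged host can trigger again later.
    $IPT -A INPUT -s "$host" -p tcp --dport "$TRIGGER_PORT" -j ACCEPT
    # Forward anything addressed to the host, and DNAT new inbound
    # connections that arrive on the firewall's own address to it.
    $IPT -A FORWARD -d "$host" -j ACCEPT
    $IPT -t nat -A PREROUTING -d "$IPFW" -j DNAT --to-destination "$host"
}

main() {
    peer="${REMOTE_HOST:-}"
    if ! valid_ipv4 "$peer"; then
        echo "fwtrigger: refusing peer '$peer'" >&2
        return 1
    fi
    apply_rules "$peer"
}

# Run only when xinetd execs the installed script, not when sourced elsewhere.
case "${0##*/}" in
    fwtrigger) main ;;
esac
```

With xinetd's only_from restricting the port to 192.168.0.3, a plain "echo | nc firewall 9999" from that host is the trigger; the INPUT rule for port 9999 has to exist in the initial rule set as well, before the first trigger. Run with IPT=echo to see the exact iptables commands without touching the live tables.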