Packet Inspecting Filter with IPTables
Deepak Seshadri
dseshadri at broadbandmaritime.com
Thu Aug 26 13:11:48 CEST 2004
Hi Jeremy,
You can either use Snort, or there is a patch available to do layer 7 filtering. The link is
http://l7-filter.sourceforge.net/
After patching your kernel & iptables you will be able to create your own script to catch the packets and take action on them. It is a very good tool. I have been using this a lot to track p2p traffic and messenger traffic that disguises itself by running on port 80.
I hope this helps.
Good luck,
Deepak
----- Original Message -----
From: Jeremy Andrew
To: netfilter at lists.netfilter.org
Sent: Thursday, August 26, 2004 1:50 AM
Subject: Packet Inspecting Filter with IPTables
I wish to implement a feature on a Linux box, which I explain in detail in the following text:
I have read many different articles on how to take actions based on the contents of a packet. I think netfilter/iptables supports what I wish to deploy on a Linux machine (kernel 2.4.20) acting as a gateway network node. I have not found enough information about the exact steps to be taken in order to:
- Inspect each and every incoming packet for a specific port (FTP, for example), and then, if the data packet contains a specific set of bits (e.g. the ASCII characters "GLOB"), take actions based on a predefined rule (send a message to syslog) and then "drop" this packet.
Should I install a newer version than I currently have (iptables v1.2.6a), or does this version contain the feature I require? Indeed, I do not wish to upgrade iptables since this is a "production" environment, but I can add another box only for this purpose, so even alpha/beta versions are acceptable.
I would be glad to see the exact steps to take, since I really do not have much time to research the matter right away.
Regards...
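One way to do the log-then-drop rule Jeremy asks for, as an added example that is code from neither poster: it uses the iptables `string` match to write a syslog line and then drop TCP packets to port 21 whose payload carries the ASCII string "GLOB". It assumes a kernel with the xt_string match (2.6.14 or later, iptables 1.3 or later); the chain name, log prefix and the dry-run/apply switch are my choices.

```shell
#!/bin/sh
# Added example, not code from either poster: log-then-drop rules for TCP
# packets to one port whose payload contains a given ASCII string, built on
# the iptables "string" match (xt_string: kernel >= 2.6.14, iptables >= 1.3).
# On the kernel 2.4.20 / iptables 1.2.6a setup in the question this needed
# the patch-o-matic string match instead, which did not take --algo.

CHAIN="INPUT"                # use FORWARD for traffic transiting a gateway
LOG_PREFIX="STRING-DROP: "   # shows up in the syslog line from the LOG target

# Print the two rules for a port/pattern pair without touching the firewall.
# LOG is a non-terminating target, so a separate DROP rule must follow it.
show_rules() {
    port="$1"
    pattern="$2"
    match="-A $CHAIN -p tcp --dport $port -m string --string $pattern --algo bm"
    printf 'iptables %s -j LOG --log-prefix "%s" --log-level warning\n' "$match" "$LOG_PREFIX"
    printf 'iptables %s -j DROP\n' "$match"
}

# Install the same two rules (needs root and the xt_string module).
# Caveat: the string match inspects one packet at a time, so a pattern
# split across two TCP segments is not seen; that is what a full IDS
# such as Snort adds on top of this.
apply_rules() {
    port="$1"
    pattern="$2"
    iptables -A "$CHAIN" -p tcp --dport "$port" -m string --string "$pattern" --algo bm \
        -j LOG --log-prefix "$LOG_PREFIX" --log-level warning
    iptables -A "$CHAIN" -p tcp --dport "$port" -m string --string "$pattern" --algo bm \
        -j DROP
}

# Count the rules a dry run would install (a quick sanity check).
rule_count() {
    show_rules "$1" "$2" | grep -c '^iptables '
}

# The case from the thread: FTP control port 21, pattern "GLOB".
# Run as "sh script.sh apply" to install; anything else is a dry run.
if [ "${1:-}" = "apply" ]; then
    apply_rules 21 GLOB
else
    show_rules 21 GLOB
fi
```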