From: Valdis.Kletnieksvt.edu
Date: Fri May 17 2002 - 09:54:18 CDT


    On Fri, 17 May 2002 09:17:06 EDT, BurntCircuit <burntcircuitphreaker.net> said:
    > Is it possible to set up iptables to launch a program or shellscript if the
    > packet matches a specific rule? I have checked the man file and didn't find
    > anything but I might have missed it. Is there a module that does it? If not
    > how would I do something like that? Thanks for your time

    Would this help? Have the program listening on the other end of the netlink?
    (I haven't tried it myself).

    (From 'man iptables')
       ULOG
           This target provides userspace logging of matching packets. When this
           target is set for a rule, the Linux kernel will multicast this packet
           through a netlink socket. One or more userspace processes may then
           subscribe to various multicast groups and receive the packets.

           --ulog-nlgroup <nlgroup>
                  This specifies the netlink group (1-32) to which the packet is
                  sent. Default value is 1.

           --ulog-prefix <prefix>
                  Prefix log messages with the specified prefix; up to 32
                  characters long, and useful for distinguishing messages in the logs.

           --ulog-cprange <size>
                  Number of bytes to be copied to userspace. A value of 0 always
                  copies the entire packet, regardless of its size. Default is 0

           --ulog-qthreshold <size>
                  Number of packets to queue inside kernel. Setting this value to,
                  e.g. 10 accumulates ten packets inside the kernel and transmits
                  them as one netlink multipart message to userspace. Default is 1
                  (for backwards compatibility)

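An added example, not part of the original message or of any netfilter tool: a minimal C listener of the kind the reply suggests, which subscribes to a ULOG netlink group and runs a fixed command when a packet's `--ulog-prefix` matches. The per-packet struct is redeclared from the legacy `ipt_ULOG.h` header as an assumed layout, and the prefix `KNOCK`, the script path and all function names are hypothetical.

```c
#include <sys/socket.h>
#include <linux/netlink.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ULOG_FAMILY 5   /* NETLINK_NFLOG, the netlink family ULOG multicasts on */
/* Per-packet header, redeclared from the legacy ipt_ULOG.h (assumed layout). */
struct ulog_msg {
    unsigned long mark; long ts_sec, ts_usec; unsigned int hook;
    char indev[16], outdev[16]; size_t data_len;      /* 16 = IFNAMSIZ */
    char prefix[32]; unsigned char mac_len, mac[80];  /* packet bytes follow */
};
#define ULOG_SPACE NLMSG_SPACE(sizeof(struct ulog_msg))
/* --ulog-nlgroup N (1-32) is bit N-1 of nl_groups; 0 signals an invalid group. */
unsigned int ulog_group_mask(int n) { return (n < 1 || n > 32) ? 0u : 1u << (n - 1); }
/* Walk one datagram (several messages when --ulog-qthreshold > 1) and count packets
 * whose prefix equals `want`; run the fixed `cmd`, never built from packet data. */
int ulog_dispatch(void *buf, int len, const char *want, const char *cmd) {
    int hits = 0;
    for (struct nlmsghdr *nh = buf; NLMSG_OK(nh, len); nh = NLMSG_NEXT(nh, len)) {
        if (nh->nlmsg_type == NLMSG_ERROR) break;
        if (nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct ulog_msg))) continue;
        struct ulog_msg *m = NLMSG_DATA(nh);
        if (strncmp(m->prefix, want, sizeof m->prefix) != 0) continue;
        hits++;
        if (cmd && system(cmd) != 0) fprintf(stderr, "handler failed\n");
    }
    return hits;
}
/* Constructed sample: one datagram holding two queued packets with the same prefix. */
static char sample[2 * ULOG_SPACE] __attribute__((aligned(8)));
int ulog_sample(const char *prefix) {
    memset(sample, 0, sizeof sample);
    for (int i = 0; i < 2; i++) {
        struct nlmsghdr *nh = (void *)(sample + i * ULOG_SPACE);
        nh->nlmsg_len = NLMSG_LENGTH(sizeof(struct ulog_msg));
        strncpy(((struct ulog_msg *)NLMSG_DATA(nh))->prefix, prefix, 31);
    }
    return (int)sizeof sample;
}
int main(void) {   /* needs root and a kernel that still provides the ULOG target */
    static char buf[65536] __attribute__((aligned(8)));
    struct sockaddr_nl sa = { .nl_family = AF_NETLINK, .nl_groups = ulog_group_mask(1) };
    int fd = socket(AF_NETLINK, SOCK_RAW, ULOG_FAMILY), n;
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { perror("netlink"); return 1; }
    while ((n = recv(fd, buf, sizeof buf, 0)) > 0)
        ulog_dispatch(buf, n, "KNOCK", "/usr/local/sbin/on-match.sh");  /* hypothetical */
    return 0;
}
```

The listener pairs with a rule whose target is `ULOG` with `--ulog-nlgroup 1 --ulog-prefix KNOCK`; the match conditions of that rule are whatever the firewall policy calls for.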