Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Fri May 17 2002 - 09:54:18 CDT
On Fri, 17 May 2002 09:17:06 EDT, BurntCircuit <burntcircuitphreaker.net> said:
> is it posible to setup iptables to launch a program or shellscript if the
> packet matchs a spasific rule? i have checked the man file and didnt find
> anything but i might have missed it. is there a module that does it? if not
> how would i do something like that? thanks for your time
Would this help? Have the program listening on the other end of the netlink?
(I haven't tried it myself).
(From 'man iptables')
This target provides userspace logging of matching packets. When this
target is set for a rule, the Linux kernel will multicast this packet
through a netlink socket. One or more userspace processes may then sub-
scribe to various multicast groups and receive the packets.
This specifies the netlink group (1-32) to which the packet is
sent. Default value is 1.
Prefix log messages with the specified prefix; up to 32 charac-
ters long, and useful fro distinguishing messages in the logs.
Number of bytes to be copied to userspace. A value of 0 always
copies the entire packet, regardless of its size. Default is 0
Number of packet to queue inside kernel. Setting this value to,
e.g. 10 accumulates ten packets inside the kernel and transmits
them as one netlink multipart message to userspace. Default is 1
(for backwards compatibility)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
-----END PGP SIGNATURE-----