stat module

stat module

[Juha Heljoranta]

Hi, 

I was thinking about to write a module to match outbound packets against
stat (file of filesystem status) information. One might find device and
inode information usefull.

Usage might be something like
$ iptables -A OUTPUT -m stat --device 303 --inode 341166 -j ACCEPT

Anyway, I thought to ask if you have any suggestions, thoughts,
opinions, etc. about this. I might find them helpfull :)

I have about 400 hours to spend on this. So how does it sound? 


Regards,

Juha Heljoranta
email: juha.heljoranta at evitech.fi

Re: stat module

[Patrick McHardy]

Juha Heljoranta wrote:

>Hi, 
>
>I was thinking about to write a module to match outbound packets against
>stat (file of filesystem status) information. One might find device and
>inode information usefull.
>
>Usage might be something like
>$ iptables -A OUTPUT -m stat --device 303 --inode 341166 -j ACCEPT
>
>Anyway, I thought to ask if you have any suggestions, thoughts,
>opinions, etc. about this. I might find them helpfull :)
>  
>
Not sure what you want to match here, is it the inode of the
executable that created the packet ? If so, have a look at
the owner match.


>I have about 400 hours to spend on this. So how does it sound? 
>  
>
I wish I had 400 hours .. ;)

Best regards,
Patrick