From: "Tony Thompson" <tony.thompson@stone-ware.com>
To: netfilter@lists.netfilter.org
Subject: Re: Do I need to write a module?
Date: Tue, 24 Jun 2003 10:22:52 -0500 [thread overview]
Message-ID: <sef8269b.024@mail.stone-ware.com> (raw)
Thanks for the response. Maybe I should give a better picture of what I
am trying to do. I have a private network that I am trying to route
through a Linux box. I want to deny all traffic (from a MAC address)
until a user authenticates, with their browser, to a Java application on
the Linux server (when they authenticate, something has to happen to let
netfilter know that the MAC address is allowed to pass). There has to
be some level of coordination at that point between the Java app and
netfilter so that session timeouts, etc. can be handled. I would like
to have all of this happen as close to real time (i.e. not batched) as
possible.
After writing this out, maybe I don't even need a module but, just a
way to control netfilter from a Java app. I am still open to
suggestions...
Thanks.
Tony
>>> Ray Leach <raymondl@knowledgefactory.co.za> 06/24/03 01:57AM >>>
Hi
Why don't you get the Java app to export some kind of text that you
can
get netfilter to parse with regular unix utilities (sed, awk, grep).
Create a cron job to parse the file every 10 minutes (if that's
regular
enough) that parses the text file and reloads your iptables rules as
per
the file.
Ray
On Mon, 2003-06-23 at 20:43, Tony Thompson wrote:
> I am investigating an option to use netfilter to allow/deny traffic
from
> the local subnet based on rules/accounting information that is in
> another (Java based) system. I am new to netfilter so, I can
someone
> offer some suggestions:
>
> 1. Is netfilter the right place to hook or should I look at a
firewall
> that may provide some higher level hooks for authentication and
> accounting?
>
> 2. If I should hook into netfilter, is it a good idea to call into a
> JVM from a netfilter module?
>
> 3. I am not sure what kind of control I have when using the
userspace
> driver but, should I use that in this situation? Can I use that
> directly from Java so I wouldn't have the hassel of calling into a
JVM
> from a native process?
>
> If anyone can offer any other suggestions or examples, that would be
> appreciated.
>
> Thanks.
> Tony
--
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
--
next reply other threads:[~2003-06-24 15:22 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-24 15:22 Tony Thompson [this message]
2003-06-24 15:55 ` Do I need to write a module? Ramin Dousti
[not found] <sef83134.026@mail.stone-ware.com>
2003-06-24 17:30 ` Ramin Dousti
-- strict thread matches above, loose matches on Subject: below --
2003-06-24 16:08 Tony Thompson
2003-06-23 18:43 Tony Thompson
2003-06-24 6:57 ` Ray Leach
2003-06-25 9:02 ` Ralf Spenneberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=sef8269b.024@mail.stone-ware.com \
--to=tony.thompson@stone-ware.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.