* Launch script when packet is received
@ 2007-03-05 23:03 octane indice
From: octane indice @ 2007-03-05 23:03 UTC (permalink / raw)
To: netfilter-devel
Hello
Is there any way to do something like this:
iptables -A INPUT <packet> -j ACTION --script /sbin/myscript.sh
And better, with myscript.sh called with arguments like IP src or dest or
protocol or type of packet?
thanks
* Re: Launch script when packet is received
From: Amin Azez @ 2007-03-06 12:53 UTC (permalink / raw)
To: octane indice; +Cc: netfilter-devel
* octane indice wrote, On 05/03/07 23:03:
> Hello
>
> Is there any way to do something like this:
>
> iptables -A INPUT <packet> -j ACTION --script /sbin/myscript.sh
>
> And better, with myscript.sh called with arguments like IP src or dest or
> protocol or type of packet?
err.... crikey!
The short answer is: Thankfully not.
The longer answer is yeee-ee-e-es.
You can either use -j LOG and fiddle with your syslog.conf file so that
the logged messages that match are written to a named pipe, and you have
a dispatch daemon that listens on the pipe (you can write this in bash)
and calls your scripts.
Or you could use the deprecated ULOG v1 target which receives packets
over netlink and hack the ulog daemon to do your bidding launching scripts.
Or you could use the QUEUE target to queue whole packets to user space
and then use a perl NF QUEUE handler to do your work for you.
I'm sure you have an interesting reason for wanting to do it.
Just don't ask for shell script matches where the exit code of the shell
script is taken as the match result. Although you could probably do this
using the NF QUEUE method you would also have bad dreams. Or something.
Sam
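The first route Amin sketches (-j LOG, syslog writing matching lines to a named pipe, a bash dispatcher reading the pipe) as an added example; this is not code from the thread. It assumes a constructed setup: a LOG rule with --log-prefix "NFDISPATCH: ", a syslog rule that writes kern messages to /var/run/nf-dispatch.fifo (created with mkfifo), and the hypothetical handler /sbin/myscript.sh from the question.

```shell
#!/bin/bash
# Added example, not from the thread. Assumed (constructed) setup:
#   iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "NFDISPATCH: "
#   syslog:  kern.warning  |/var/run/nf-dispatch.fifo   (after: mkfifo /var/run/nf-dispatch.fifo)
# The dispatcher reads one LOG line at a time, extracts SRC/DST/PROTO/DPT and
# hands them to the handler script as separate arguments.

PIPE="${NF_PIPE:-/var/run/nf-dispatch.fifo}"
HANDLER="${NF_HANDLER:-/sbin/myscript.sh}"   # hypothetical handler from the question
PREFIX="NFDISPATCH: "                         # must match the --log-prefix above

# Print the value of one KEY=VALUE field from a LOG line (empty if absent).
field() {   # field <line> <KEY>
  printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# Turn a kernel LOG line into "src dst proto dport" (dport is "-" when the
# protocol has no ports, e.g. ICMP). Returns 1 for lines without our prefix,
# so unrelated kernel messages on the same facility are ignored, and for
# lines missing any of SRC/DST/PROTO.
parse_log_line() {
  line="$1"
  case "$line" in
    *"$PREFIX"*) ;;
    *) return 1 ;;
  esac
  src=$(field "$line" SRC); dst=$(field "$line" DST)
  proto=$(field "$line" PROTO); dpt=$(field "$line" DPT)
  [ -n "$src" ] && [ -n "$dst" ] && [ -n "$proto" ] || return 1
  printf '%s %s %s %s\n' "$src" "$dst" "$proto" "${dpt:--}"
}

# Dispatch loop: block on the FIFO and reopen it whenever syslog closes it.
dispatch_loop() {
  while :; do
    while IFS= read -r line; do
      args=$(parse_log_line "$line") || continue
      # Fields become argv entries of the handler; the raw line is never
      # passed to a shell, so packet contents cannot inject shell syntax.
      # shellcheck disable=SC2086
      "$HANDLER" $args
    done < "$PIPE"
  done
}

# Only run as a daemon when explicitly asked, so the file can be sourced.
if [ "${NF_DAEMON:-0}" = 1 ]; then dispatch_loop; fi
```

Start it with NF_DAEMON=1; the handler receives source, destination, protocol and destination port as $1..$4 and should still treat them as untrusted input.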
* Re: Launch script when packet is received
From: Maik Hentsche @ 2007-03-06 13:12 UTC (permalink / raw)
To: netfilter-devel
Zitat von Amin Azez <azez@ufomechanic.net>:
> Or you could use the deprecated ULOG v1 target which receives packets
> over netlink and hack the ulog daemon to do your bidding launching scripts.
Or you can use specter for the same deprecated ULOG target because
this daemon already has a "call a script" module (among other
improvements over ulogd). Unfortunately I do not know of any efforts
to make specter use libnfnetlink.
so long
Maik