* Is libiptc still the preferred library for manipulating tables?
@ 2007-02-25 19:05 Warren Kenny
2007-02-26 12:23 ` Pablo Neira Ayuso
0 siblings, 1 reply; 5+ messages in thread
From: Warren Kenny @ 2007-02-25 19:05 UTC (permalink / raw)
To: netfilter-devel
This subject seems a bit hazy to me at the moment. Basically I'm
writing a network intrusion detection and prevention system for Linux
and I'd like to be able to use Netfilter to block packets coming from
nodes which have been identified as malicious. I'd prefer to avoid the
use of libnetfilter_queue since I'm already using libpcap for packet
analysis and it has some extras that I rely on. Basically I want to
add new tables and rules from within my application in order to filter
out malicious traffic.
There seem to be a lot of different guides on how to do this, most of
which are obsolete, including the guide on libiptc. I need to know the
latest and best way to manipulate iptables rules.
Thanks,
WK
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Is libiptc still the preferred library for manipulating tables?
2007-02-25 19:05 Is libiptc still the preferred library for manipulating tables? Warren Kenny
@ 2007-02-26 12:23 ` Pablo Neira Ayuso
2007-03-02 19:44 ` Henrik Nordstrom
0 siblings, 1 reply; 5+ messages in thread
From: Pablo Neira Ayuso @ 2007-02-26 12:23 UTC (permalink / raw)
To: Warren Kenny; +Cc: netfilter-devel
Warren Kenny wrote:
> This subject seems a bit hazy to me at the moment. Basically I'm
> writing a network intrusion detection and prevention system for Linux
> and I'd like to be able to use Netfilter to block packets coming from
> nodes which have been identified as malicious. I'd prefer to avoid the
> use of libnetfilter_queue since I'm already using libpcap for packet
> analysis and it has some extras that I rely on. Basically I want to
> add new tables and rules from within my application in order to filter
> out malicious traffic.
>
> There seem to be a lot of different guides on how to do this, most of
> which are obsolete, including the guide on libiptc. I need to know the
> latest and best way to manipulate iptables rules.
Unfortunately, libiptc is not a supported as a standalone library, it is
just a directory inside iptables. The only interface available, at the
moment, is iptables, the command line tool. You can blame us for not
providing an appropiate library interface yet.
--
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Is libiptc still the preferred library for manipulating tables?
2007-02-26 12:23 ` Pablo Neira Ayuso
@ 2007-03-02 19:44 ` Henrik Nordstrom
0 siblings, 0 replies; 5+ messages in thread
From: Henrik Nordstrom @ 2007-03-02 19:44 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, Warren Kenny
[-- Attachment #1: Type: text/plain, Size: 731 bytes --]
mån 2007-02-26 klockan 13:23 +0100 skrev Pablo Neira Ayuso:
> Unfortunately, libiptc is not a supported as a standalone library, it is
> just a directory inside iptables. The only interface available, at the
> moment, is iptables, the command line tool. You can blame us for not
> providing an appropiate library interface yet.
This said, "iptables-restore -n" is a quite effective and potent batch
interface for rule updates.
And if it (or actually the underlying iptables code it's using) had an
option for dumping rules in iptables-save format then it could be as
potent for read access as well.. Today iptables-restore can only read
rules to the same level of detail as iptables -L -v.
Regards
Henrik
[-- Attachment #2: Detta är en digitalt signerad meddelandedel --]
[-- Type: application/pgp-signature, Size: 307 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Is libiptc still the preferred library for manipulating tables?
@ 2007-05-12 1:34 Hal Moroff
2007-05-15 7:07 ` Henrik Nordstrom
0 siblings, 1 reply; 5+ messages in thread
From: Hal Moroff @ 2007-05-12 1:34 UTC (permalink / raw)
To: netfilter-devel
I've been trying for awhile to find this out as well.
I'm working on an appliance and I need to dynamically insert/remove
rules based on
what's happening in the box. I prefer not to resort to
system("itpables yada yada yada")
and so have been trying to use libiptc. I've succeeded in inserting
/ removing simple
rules (based only on source IP and destination IP). I'm struggling
now to understand
how to construct more complex matching rules (destination port).
There's this document:
http://www.opalsoft.net/qos/libiptc/qlibiptc.html
which is incomplete, but mostly correct as far as it goes. I offered
to correct some
errors in the doc, but the author's email address is apparently invalid.
If anyone has any feedback / tips / samples I'd be grateful.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2007-05-15 7:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-02-25 19:05 Is libiptc still the preferred library for manipulating tables? Warren Kenny
2007-02-26 12:23 ` Pablo Neira Ayuso
2007-03-02 19:44 ` Henrik Nordstrom
-- strict thread matches above, loose matches on Subject: below --
2007-05-12 1:34 Hal Moroff
2007-05-15 7:07 ` Henrik Nordstrom
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).