
[wlug] iptables question

Colin Palmer colinp@w...
Tue Apr 27 11:19:05 NZST 2004


On Mon, 2004-04-26 at 21:25, DrWho? wrote:
> My idea was to use a callback to hook port 80 and use a perl script to 
> reverse lookup the ip address and look for .nz at the end and pass fail 
> thereafter.

It's not production-ready since I just wrote it by hacking the example
code that came with IPTables::IPv4::IPQueue apart, but here are the basics
of how it's done.

You'll need the 'Userspace queueing via NETLINK' kernel module (ip_queue.ko)
and the IPTables::IPv4::IPQueue and NetPacket::IP Perl modules.

First hook port 80 like this:

iptables -A INPUT -p tcp --dst $me --dport 80 -j QUEUE


And the perl script goes something like this:

#! /usr/bin/perl

use warnings;
use strict;
use IPTables::IPv4::IPQueue qw(:constants);
use NetPacket::IP;
use Socket;

# get_message() timeout, in microseconds (2 seconds)
use constant TIMEOUT => 1_000_000 * 2;

my ($queue, $msg, $ip, $host);

# Ask ip_queue for a copy of each queued packet (at most the first 2048 bytes)
$queue = IPTables::IPv4::IPQueue->new(copy_mode => &IPQ_COPY_PACKET, copy_range => 2048)
    or die IPTables::IPv4::IPQueue->errstr;

while (1) {
    $msg = $queue->get_message(TIMEOUT);
    if (!defined $msg) {
        next if IPTables::IPv4::IPQueue->errstr eq 'Timeout';
        die IPTables::IPv4::IPQueue->errstr;
    }
    if ($msg->data_len()) {
        $ip = NetPacket::IP->decode($msg->payload());
        # Blocking reverse lookup for every queued packet; undef if the
        # source address has no PTR record
        $host = gethostbyaddr(inet_aton($ip->{src_ip}), AF_INET);
        #print "Packet from: ",$ip->{src_ip}," - ",(defined $host ? $host : '(no PTR)')," ... ";
        if (defined $host && $host =~ /\.nz$/i) {
            #print "ACCEPT\n";
            $queue->set_verdict($msg->packet_id, NF_ACCEPT);
        } else {
            # no PTR record, or not a .nz name: fail closed
            #print "DROP\n";
            $queue->set_verdict($msg->packet_id, NF_DROP);
        }
    } else {
        # no packet data was copied to us, so there is nothing to decide on
        #print "Dropping empty packet: ",$msg->packet_id(),"\n";
        $queue->set_verdict($msg->packet_id, NF_DROP);
    }
}

-- 
Colin Palmer <colinp@w...>
University of Waikato, ITS Division
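The verdict logic from the script above, as an added example in Python that is not the poster's code. The ip_queue binding is left out and the DNS calls are replaced by constructed lookup tables so it runs offline; it goes beyond the post in two ways a defender would want: the PTR name is forward-confirmed (whoever controls an address's reverse zone can publish any name, including one ending in .nz), and the decision is cached per source address rather than repeated for every packet.

```python
NF_ACCEPT, NF_DROP = "ACCEPT", "DROP"

# Constructed sample DNS data standing in for gethostbyaddr/gethostbyname.
PTR_RECORDS = {
    "203.0.113.10": "Mail.Example.CO.NZ.",   # genuine .nz host (mixed case, trailing dot)
    "203.0.113.20": "host.example.nz",       # PTR claims .nz, but the name points elsewhere
    "203.0.113.30": "www.example.com",       # not a .nz name
}
A_RECORDS = {
    "mail.example.co.nz": ["203.0.113.10"],
    "host.example.nz": ["198.51.100.5"],
    "www.example.com": ["203.0.113.30"],
}

def ptr_lookup(ip):
    return PTR_RECORDS.get(ip)            # None when there is no PTR record

def fwd_lookup(name):
    return A_RECORDS.get(name, [])


class RdnsPolicy:
    """Accept traffic only from sources whose forward-confirmed reverse
    DNS name ends in the configured suffix; everything else is dropped."""

    def __init__(self, suffix, ptr_lookup, fwd_lookup):
        self.suffix = suffix.lower()
        self.ptr_lookup = ptr_lookup
        self.fwd_lookup = fwd_lookup
        self.cache = {}                   # one decision per source IP, not per packet

    def verdict(self, src_ip):
        if src_ip not in self.cache:
            self.cache[src_ip] = self._decide(src_ip)
        return self.cache[src_ip]

    def _decide(self, src_ip):
        name = self.ptr_lookup(src_ip)
        if not name:                      # no PTR at all: fail closed
            return NF_DROP
        name = name.rstrip(".").lower()   # normalise "Host.Example.NZ." -> "host.example.nz"
        if not name.endswith(self.suffix):
            return NF_DROP
        if src_ip not in self.fwd_lookup(name):   # forward-confirmed reverse DNS
            return NF_DROP
        return NF_ACCEPT


if __name__ == "__main__":
    policy = RdnsPolicy(".nz", ptr_lookup, fwd_lookup)
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30", "192.0.2.1"):
        print(ip, policy.verdict(ip))
```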
