On Sun, May 13, 2001 at 06:13:03PM -0700, Mike Fedyk wrote:
> On Sun, May 13, 2001 at 08:41:15PM -0400, Michael T. Babcock wrote:
> > On 10 May 2001 18:24:18 -0700, Mike Fedyk wrote:
> > > > I'm not aware of one, but it shouldn't be too hard to write a program
> > > > that would watch for outgoing connections via netlink (Linux) or some
> > > > such device and request ident information about that user before
> > > > deciding to allow or deny the request.
> > > >
> > > > One might exist.
> > >
> > > What level of programming would it require? Perl, shell or C?
> >
> > Perl or C depending on the speed of your connection and your CPU
> > horsepower (as every packet or packet header would be inspected).
>
> Isn't there a way to only look at packets that would be blocked by the
> filters only? This would alleviate much of the burden on the processor for
> even a C program.

I believe that you can use QUEUE target of netfilter to check packets in
the userland selectively.

Ramin
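
The check discussed in this thread (ask ident who owns an outgoing connection, then allow or deny it), sketched in Python as an added example that is not part of the original message. It follows the RFC 1413 query and reply format; the function names, the allow list and the sample replies are constructed, and how the connection reaches the program (netlink or the QUEUE target) is left out.

```python
import re

# RFC 1413 reply: "<port> , <port> : USERID : <opsys>[,<charset>] : <user-id>"
#            or   "<port> , <port> : ERROR : <error-type>"
_REPLY = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")


def build_query(local_port, remote_port):
    """Query for TCP port 113 on the host that opened the connection.

    local_port is the port on that host, remote_port the far end's port.
    """
    return f"{local_port} , {remote_port}\r\n".encode("ascii")


def parse_reply(raw, local_port, remote_port):
    """Return the user id from an ident reply, or None on error or mismatch."""
    line = raw.decode("ascii", errors="replace").rstrip("\r\n")
    m = _REPLY.match(line)
    if not m:
        return None
    # The reply must echo the port pair that was asked about.
    if (int(m.group(1)), int(m.group(2))) != (local_port, remote_port):
        return None
    if m.group(3) == "ERROR":
        return None
    # The user id may itself contain ':', so split only once.
    opsys, sep, user = m.group(4).partition(":")
    if not sep:
        return None
    # Opsys OTHER: the id is not promised to be the normal user name.
    if opsys.strip().upper().startswith("OTHER"):
        return None
    # Assumption for policy lookup: user names carry no surrounding spaces.
    return user.strip() or None


def decide(raw_reply, local_port, remote_port, allowed_users):
    """Default-deny: accept only when ident names a user on the allow list."""
    user = parse_reply(raw_reply, local_port, remote_port)
    return "ACCEPT" if user in allowed_users else "DROP"


ALLOWED = {"mail", "proxy"}  # constructed allow list
if __name__ == "__main__":
    # Constructed sample replies, not captured traffic.
    print(decide(b"40112 , 25 : USERID : UNIX : mail\r\n", 40112, 25, ALLOWED))
    print(decide(b"40113 , 6667 : ERROR : NO-USER\r\n", 40113, 6667, ALLOWED))
```

The answer is only as trustworthy as the host running the ident daemon, so this fits hosts the firewall administrator controls.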