On Sun, May 13, 2001 at 09:25:20PM -0400, Ramin Alidousti wrote:
> On Sun, May 13, 2001 at 06:13:03PM -0700, Mike Fedyk wrote:
>
> > On Sun, May 13, 2001 at 08:41:15PM -0400, Michael T. Babcock wrote:
> > > On 10 May 2001 18:24:18 -0700, Mike Fedyk wrote:
> > > > > I'm not aware of one, but it shouldn't be too hard to write a program
> > > > > that would watch for outgoing connections via netlink (Linux) or some
> > > > > such device and request ident information about that user before
> > > > > deciding to allow or deny the request.
> > > > >
> > > > > One might exist.
> > > >
> > > > What level of programming would it require? Perl, shell or C?
> > >
> > > Perl or C depending on the speed of your connection and your CPU
> > > horsepower (as every packet or packet header would be inspected).
> >
> > Isn't there a way to only look at packets that would be blocked by the
> > filters only? This would alleviate much of the burden on the processor for
> > even a C program.
>
> I believe that you can use QUEUE target of netfilter to check packets in the
> userland selectively.
>
> Ramin

I think I saw something in 2.2 that will do that too, don't know the interface though...
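
The ident step discussed in this thread, as an added example that is not part of the original messages: it builds an RFC 1413 query for one outgoing connection, parses the reply and fails closed on anything unexpected. The allow-list, function names and sample replies are constructed for illustration; receiving packets queued by netfilter and sending the query over TCP port 113 are left to the caller.

```python
import re

# Constructed policy for this example: users allowed to open outgoing connections.
ALLOWED_USERS = {"alice", "backup"}

# "<port-on-server> , <port-on-client> : USERID|ERROR : <rest>"
_REPLY = re.compile(
    r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)$", re.S)

def build_query(port_on_server, port_on_client):
    """RFC 1413 request line. port_on_server is the port on the host running
    identd (the connection's source port), port_on_client the remote port."""
    for p in (port_on_server, port_on_client):
        if not 1 <= p <= 65535:
            raise ValueError("port out of range")
    return f"{port_on_server} , {port_on_client}\r\n".encode("ascii")

def parse_reply(raw, port_on_server, port_on_client):
    """Return the user id from a well-formed USERID reply, else None."""
    if len(raw) > 1000 or not raw.endswith(b"\r\n"):
        return None          # oversized, truncated, or no answer at all
    m = _REPLY.match(raw[:-2].decode("ascii", "replace"))
    if not m or (int(m[1]), int(m[2])) != (port_on_server, port_on_client):
        return None          # malformed, or answers a different port pair
    if m[3] != "USERID":
        return None          # ERROR : NO-USER, HIDDEN-USER, ...
    opsys, sep, user = m[4].partition(":")
    if not sep or opsys.strip().upper().startswith("OTHER"):
        return None          # OTHER: id is not a plain user name; not trusted here
    return user.strip()      # simplification: surrounding whitespace is dropped

def decide(raw, port_on_server, port_on_client, allowed=ALLOWED_USERS):
    """Verdict for the queued connection; any parse failure means DROP."""
    # Caveats: the answer is asserted by the queried host, so it only means
    # something for hosts you administer, and a strict RFC 1413 server only
    # answers about connections between itself and the querying host.
    user = parse_reply(raw, port_on_server, port_on_client)
    return "ACCEPT" if user in allowed else "DROP"

if __name__ == "__main__":
    # Constructed sample replies for a connection from source port 6191 to port 23.
    for reply in (b"6191 , 23 : USERID : UNIX : alice\r\n",
                  b"6191 , 23 : ERROR : NO-USER\r\n",
                  b""):
        print(reply, "->", decide(reply, 6191, 23))
```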