Re: Reg:Conntrack-tool for packet dropping?

Hi Ed W,

   Thanks a lot for your reply. Do you mean userspace queues like
libpcap or libnetfilter_queue? If not, please correct me.

   All I need is to block the application before it establishes a
connection with the net.

   My initial idea is to use libpcap or libnetfilter_queue to do
packet monitoring, form iptables rules and block them. But I need to
monitor each and every packet; the drawback is that before I form the
iptables rules, the connection will be established by the application.
As we discussed before, I then went for conntrack; there also I failed.

   Can you please help me with this?

Thanks and Regards,
Manikandan R

On 10/5/11, Ed W <lists@xxxxxxxxxxxxxx> wrote:
> On 04/10/2011 15:09, Manikandan R wrote:
>>  Hi,
>>     I am developing an application monitoring tool. When I went through
>> http://netfilter.org/, I came to know about the conntrack-tool which
>> can be used for monitoring new connections.
>>     I used "conntrackd" (conntrack daemon) for monitoring the packets.
>> Using nfct_callback_register2() I am able to handle new packets also,
>> but I need to drop this packet if it's related to a particular
>> pid/process. Is there any way/API to drop packets?
>>
>
> Conntrack doesn't quite track all packets - see my previous questions
> about this...
>
> I think also if you need to examine all packets and decide their fate
> ahead of allowing them through then you need to look at userspace queue
> stuff?
>
> Note you can set up some extremely clever filtering using iptables. That
> has the ability to filter based on local user id, possibly process id
> and also your app can set firewall marks on each packet that can be
> easily filtered on later?
>
> Good luck
>
> Ed E
>
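
The approach Ed W's reply points at, a standing iptables rule that matches on the local user id and acts on the first packet of each new connection, shown as an added example that is not part of the original thread. The uid 1001 and the queue number are assumed values, and the rule is emitted in iptables-restore format so it can be reviewed before loading.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that stops a local
# account's new outbound connections before the first packet leaves.
# The uid and queue number passed in are assumed, illustrative values.

# owner_rules MODE UID [QUEUE]
#   MODE=drop   -> discard the first packet of every new connection
#   MODE=queue  -> hold it in NFQUEUE until a userspace program
#                  (for example one built on libnetfilter_queue)
#                  returns a verdict
owner_rules() {
    mode=$1
    uid=$2
    queue=${3:-0}

    # Accept digits only, so nothing unexpected reaches the ruleset.
    case $uid in ''|*[!0-9]*) echo "uid must be numeric" >&2; return 2 ;; esac
    case $queue in ''|*[!0-9]*) echo "queue must be numeric" >&2; return 2 ;; esac

    case $mode in
        drop)  target="-j DROP" ;;
        queue) target="-j NFQUEUE --queue-num $queue" ;;
        *) echo "mode must be drop or queue" >&2; return 2 ;;
    esac

    echo "*filter"
    # The owner match applies to locally generated traffic (OUTPUT).
    # ctstate NEW restricts the rule to the first packet of a
    # connection, so the decision is made before the handshake
    # completes instead of a rule being added after the fact.
    echo "-A OUTPUT -m owner --uid-owner $uid -m conntrack --ctstate NEW $target"
    echo "COMMIT"
}

# Review the output, then load it as root without flushing other rules:
#   owner_rules queue 1001 0 | iptables-restore --noflush
```

By default a packet sent to an NFQUEUE that has no listening program is dropped, so the queue variant fails closed until the monitoring tool binds to the queue.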