On Mon, 2003-06-23 at 20:43, Tony Thompson wrote:
> I am investigating an option to use netfilter to allow/deny traffic from
> the local subnet based on rules/accounting information that is in
> another (Java based) system. I am new to netfilter so, can someone
> offer some suggestions:

Hi,

I am doing a similar thing, just with apache and netfilter. I have a
webserver running on port 443 requiring authentication. The webserver then
calls a simple cgi-script:

--------------------------
#!/bin/bash
# Apache has already authenticated the user; REMOTE_USER and REMOTE_ADDR
# are set by the server. The blank line after Content-Type ends the header.
cat <<END
Content-Type: text/html

<center><H1>Hello $REMOTE_USER</H1>
<p>
<p>
Your IP-address $REMOTE_ADDR has been added for the next 3 minutes.
END
# Queue the client address for the cron job below (relative to the cgi-bin directory).
echo "$REMOTE_ADDR" >> address
--------------------------

A cron job runs every minute and checks for the file address and adds it to
the netfilter rules:

#!/bin/bash
if [[ -s /var/www/cgi-bin/address ]]
then
    # Take the first queued address, then hand an empty queue file back to apache.
    read address < /var/www/cgi-bin/address
    rm -f /var/www/cgi-bin/address
    touch /var/www/cgi-bin/address
    chown apache /var/www/cgi-bin/address
    # Allow new SSH connections from that address ...
    iptables -A u_remote -s "$address" -p tcp --dport 22 --syn \
        -m state --state NEW -j ACCEPT
    # ... for three minutes, then remove the identical rule again.
    sleep 180
    iptables -D u_remote -s "$address" -p tcp --dport 22 --syn \
        -m state --state NEW -j ACCEPT
fi

Cheers,

Ralf

>
> 1. Is netfilter the right place to hook or should I look at a firewall
> that may provide some higher level hooks for authentication and
> accounting?
>
> 2. If I should hook into netfilter, is it a good idea to call into a
> JVM from a netfilter module?
>
> 3. I am not sure what kind of control I have when using the userspace
> driver but, should I use that in this situation? Can I use that
> directly from Java so I wouldn't have the hassle of calling into a JVM
> from a native process?
>
> If anyone can offer any other suggestions or examples, that would be
> appreciated.
>
> Thanks.
> Tony

--
Ralf Spenneberg
RHCE, RHCX
Book: Intrusion Detection für Linux Server http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
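A hardened variant of the cron-side consumer from the mail, added here as an example (not Ralf's script): it accepts only a well-formed IPv4 address from the web-writable queue file before anything reaches iptables, takes the whole queue atomically instead of the first line only, and schedules the timed removal without blocking the cron run. The queue path and the u_remote chain are taken from the mail; IPTABLES, TTL and the GRANTED counter are assumptions of this example, and IPTABLES defaults to a dry-run echo.

```bash
#!/bin/bash
# Added example, not Ralf's script. Queue path and chain name are those in the
# mail; IPTABLES defaults to a dry-run echo so the logic can be exercised
# without touching a live ruleset (export IPTABLES=iptables on the gateway).
QUEUE=${QUEUE:-/var/www/cgi-bin/address}
CHAIN=${CHAIN:-u_remote}
TTL=${TTL:-180}
: "${IPTABLES:=echo iptables}"
GRANTED=0

# Accept only a dotted quad with every octet in 0..255. Hostnames, option
# strings such as "-j DROP" and shell metacharacters are rejected, so nothing
# the web server wrote reaches iptables unchecked.
valid_ipv4() {
    local o
    [[ $1 =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
    for o in "${BASH_REMATCH[@]:1}"; do
        (( 10#$o <= 255 )) || return 1   # 10# stops "08" being read as octal
    done
}

# One definition of the match, used for both -A and -D, so the timed delete
# removes exactly the rule that was added.
ssh_rule() { printf '%s ' -s "$1" -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT; }

# Insert the rule now and remove it TTL seconds later from a detached subshell,
# so this job returns at once instead of sleeping 180 s inside a job that cron
# starts every minute (the mail's script blocks, so its runs overlap).
grant_temp_access() {
    valid_ipv4 "$1" || { echo "rejected queue entry: $1" >&2; return 1; }
    $IPTABLES -A "$CHAIN" $(ssh_rule "$1") || return 1
    ( sleep "$TTL"; $IPTABLES -D "$CHAIN" $(ssh_rule "$1") ) >/dev/null 2>&1 &
}

# Take the whole queue in one atomic mv (the mail's read/rm/touch sequence drops
# entries written in between) and handle every line, not only the first.
# Leaves the number of granted addresses in GRANTED.
process_queue() {
    local work=$1.$$ ip
    GRANTED=0
    [[ -s $1 ]] || return 0
    mv "$1" "$work" || return 1
    : > "$1"; chown apache "$1" 2>/dev/null || true   # hand the empty queue back to the CGI user
    while read -r ip _; do                            # first field only, trailing junk ignored
        grant_temp_access "$ip" && GRANTED=$((GRANTED + 1))
    done < "$work"
    rm -f "$work"
}
if [[ -s $QUEUE ]]; then process_queue "$QUEUE"; fi
```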