On Mon, 2004-10-04 at 18:07, Doug Yeager wrote:
> i would like to use netfilter to snoop SMTP packets on my firewall.
> has anybody done this? is it possible?
> i was leaning in the direction of trying to use the QUEUE target for
> user space processing.....but i'm not sure if that is the way to go.

the QUEUE target is the way to go if you need to do custom processing to make the accept/drop decision; or if you want to modify & reinsert the packet into the stream.

> once i send the packet to the QUEUE target, how do i put it back on the
> wire?
> what i really want is a copy of each packet to port 25 sent to a user
> space program.

if you just need to capture packets, you can use any bpf reader to do it (tcpdump, snort, ethereal). not 100% sure what you're looking to do, but snort inline (http://snort-inline.sourceforge.net/) may be of some use to you as well.

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
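
An added example, not part of the original message: a sketch of the match a passive capture tool performs when asked for TCP traffic on port 25, written out by hand for IPv4 over Ethernet. The function names, addresses and sample frames are constructed for illustration; a real capture would hand the frames in from a BPF reader such as tcpdump rather than build them.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
SMTP_PORT = 25

def is_smtp_frame(frame: bytes, port: int = SMTP_PORT) -> bool:
    """True if an Ethernet frame carries an IPv4 TCP segment to or from `port`."""
    if len(frame) < 14 + 20:                      # Ethernet + minimal IPv4 header
        return False
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return False
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length varies with IP options
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4:
        return False
    if ip[9] != IPPROTO_TCP:
        return False
    (flags_frag,) = struct.unpack_from("!H", ip, 6)
    if flags_frag & 0x1FFF:                       # later fragment: no TCP header in it
        return False
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    return port in (sport, dport)

def build_frame(sport, dport, proto=IPPROTO_TCP, options=b"", frag_offset=0) -> bytes:
    """Constructed sample frame (checksums left at 0; the matcher does not verify them)."""
    ihl_words = 5 + len(options) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, ihl_words * 4 + len(tcp),
                     0, frag_offset, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 25])) + options
    eth = b"\x02" * 11 + b"\x01" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp

if __name__ == "__main__":
    samples = {
        "client -> server:25": build_frame(40000, 25),
        "server:25 -> client": build_frame(25, 40000),
        "http": build_frame(40000, 80),
        "port 25 with IP options": build_frame(40000, 25, options=b"\x01" * 4),
        "later fragment": build_frame(40000, 25, frag_offset=8),
    }
    for name, frame in samples.items():
        print(f"{name:26} {'copy' if is_smtp_frame(frame) else 'ignore'}")
```

Because this only reads a copy of each frame, it never has to return a verdict or put anything back on the wire, which is the difference from the QUEUE target.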