User space firewall

Hi all,

I want to write a (simple) user space firewall. All packets not acceptable to iptables go as a netlink message (ulog) to user space. All established connections are kept. The user is then to decide if he accepts the connection.

Use case: Let's assume a TCP SYN hits iptables, gets rejected, and is captured by my software. What should I do to make the connection stable?

* Just push the SYN into the stack again; will this make the connection established? If yes, where to put it so that I do not have to care about NAT and so on, so it should go rather the same way an accepted packet would have gone?

* Modify the conntrack tables first and then push the SYN back?

* Do I have to go a more complicated way?

Thanks for your input,

halfdog
