Re: User space firewall

On Wednesday, 24 May 2006 at 19:09 +0200, halfdog@xxxxxx wrote:
> Hi all,
> 
> I want to write a (simple) user space firewall. All packets not accepted by 
> iptables go as a netlink message (ulog) to user space. All established 
> connections are kept. The user then decides whether he accepts the connection.

Have you heard about libnetfilter_queue (or ip_queue)? It is made for
exactly that. Do NOT use ulog to do this!

See http://www.netfilter.org/ for information about libnetfilter_queue.

For code example, you can have a look at NuFW : http://www.nufw.org/

BR,

> 
> Use case: Let's assume a TCP SYN hits iptables, gets rejected and is captured by my 
> software. What should I do to make the connection stable?
> 
> * Just push the SYN into the stack again; will this make the connection 
> established? If yes, where do I put it so that I do not have to care about NAT and 
> so on, i.e. so that it goes much the same way an accepted packet would have gone?
> 
> * Modify the conntrack tables first and then push the SYN back?
> 
> * Do I have to go a more complicated way?
> 
> Thanks for your input,
> 
> halfdog
> 

Attachment: signature.asc
Description: This is a digitally signed message part
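As an added example (not code from this thread, from NuFW or from the netfilter project), here is the shape of the user-space verdict daemon the reply points at: iptables hands the opening SYN of every new TCP connection to NFQUEUE, and the daemon answers with NF_ACCEPT or NF_DROP through libnetfilter_queue. The kernel is still holding the packet while the verdict is pending, so nothing is re-injected and no conntrack table is touched by hand: on NF_ACCEPT the packet continues through the later hooks at that point (conntrack confirmation, NAT) exactly as an accepted packet would, which is what the original question asks for. Assumptions: queue number 0, the two iptables rules in the header comment, and a hypothetical fixed allowlist of destination ports standing in for the user's interactive decision. The verdict logic fails closed on anything that is not a well-formed SYN.

```c
/*
 * Added example: user-space verdict daemon on libnetfilter_queue.
 * Assumed iptables rules (root), queue 0:
 *   iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 *   iptables -A INPUT -p tcp --syn -j NFQUEUE --queue-num 0
 * Build with the queue loop:  gcc -DWITH_NFQ -o uqueue uqueue.c -lnetfilter_queue
 * Without -DWITH_NFQ only the parser/policy and a self-check main are built.
 */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

#ifdef WITH_NFQ
#  include <sys/socket.h>
#  include <linux/netfilter.h>                 /* NF_ACCEPT, NF_DROP */
#  include <libnetfilter_queue/libnetfilter_queue.h>
#else
#  define NF_DROP   0                          /* same values as <linux/netfilter.h> */
#  define NF_ACCEPT 1
#endif

#define TCP_SYN 0x02
#define TCP_ACK 0x10

/* Hypothetical policy standing in for "the user decides". */
static const uint16_t allowed_ports[] = { 22, 443 };

static int port_allowed(uint16_t port)
{
    for (size_t i = 0; i < sizeof allowed_ports / sizeof allowed_ports[0]; i++)
        if (allowed_ports[i] == port)
            return 1;
    return 0;
}

/* Verdict for one raw IPv4 packet: only a SYN without ACK to an allowed
 * port is accepted; truncated, non-IPv4 or non-TCP data is dropped. */
int decide(const unsigned char *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return NF_DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4u;
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6)
        return NF_DROP;
    const unsigned char *tcp = pkt + ihl;
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    if ((tcp[13] & (TCP_SYN | TCP_ACK)) != TCP_SYN)
        return NF_DROP;
    return port_allowed(dport) ? NF_ACCEPT : NF_DROP;
}

/* Constructed 40-byte IPv4/TCP packet (no checksums; enough for decide()). */
size_t build_packet(unsigned char *buf, uint8_t proto, uint16_t dport, uint8_t flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45;                             /* IPv4, IHL 5 */
    buf[3] = 40;                               /* total length */
    buf[9] = proto;
    buf[20] = 0xc0;                            /* source port 49152 */
    buf[22] = (unsigned char)(dport >> 8);
    buf[23] = (unsigned char)(dport & 0xff);
    buf[32] = 0x50;                            /* data offset 5 */
    buf[33] = flags;
    return 40;
}

/* Convenience: build a packet with the given fields and judge it. */
int verdict_for(uint8_t proto, uint16_t dport, uint8_t flags)
{
    unsigned char pkt[40];
    return decide(pkt, build_packet(pkt, proto, dport, flags));
}

#ifdef WITH_NFQ
static int cb(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg,
              struct nfq_data *nfa, void *data)
{
    (void)nfmsg; (void)data;
    struct nfqnl_msg_packet_hdr *ph = nfq_get_msg_packet_hdr(nfa);
    if (!ph)
        return -1;
    unsigned char *payload = NULL;
    int len = nfq_get_payload(nfa, &payload);
    int verdict = (len > 0) ? decide(payload, (size_t)len) : NF_DROP;
    return nfq_set_verdict(qh, ntohl(ph->packet_id), (uint32_t)verdict, 0, NULL);
}

int main(void)
{
    struct nfq_handle *h = nfq_open();
    if (!h) { perror("nfq_open"); return 1; }
    nfq_unbind_pf(h, AF_INET);
    if (nfq_bind_pf(h, AF_INET) < 0) { perror("nfq_bind_pf"); return 1; }
    struct nfq_q_handle *qh = nfq_create_queue(h, 0, &cb, NULL);
    if (!qh) { perror("nfq_create_queue"); return 1; }
    if (nfq_set_mode(qh, NFQNL_COPY_PACKET, 0xffff) < 0)  /* need the TCP header */
        { perror("nfq_set_mode"); return 1; }
    char buf[65536];
    ssize_t rv;
    for (int fd = nfq_fd(h); (rv = recv(fd, buf, sizeof buf, 0)) >= 0; )
        nfq_handle_packet(h, buf, (int)rv);
    nfq_destroy_queue(qh);
    nfq_close(h);
    return 0;
}
#else
int main(void)
{
    printf("SYN to 443: %s\n", verdict_for(6, 443, TCP_SYN) == NF_ACCEPT ? "ACCEPT" : "DROP");
    return 0;
}
#endif
```

Every packet the kernel queues must receive a verdict; a daemon that crashes or stalls leaves the queue full and new connections dead, so run it under a supervisor and consider `--queue-bypass` on the iptables rule only if failing open is acceptable for the deployment.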

