Hello to all,

I'm writing my undergraduate (computer science) thesis, which is basically a small SPA server implemented using libpcap and iptables. I am having trouble understanding exactly what rules I need to set up for this to be possible. I know that this has probably been addressed on this mailing list, but even after research I find myself in need of some help. If anyone on the list is familiar with SPA systems, can you please lend me a hand in understanding how this can be done with iptables?

Basic operation mode for the server:

- Authenticate the user with the sniffed authentication packet (done).
- Change the ruleset to open the port for the connection.
- The client sends keep_alive packets at X s intervals so that if the connection is hijacked we can close it.
- Close the connection.

This is not too difficult, as it would seem that all I have to do is add the rule to the input table.

The other mode would be a "fake-open", in which the port is not actually opened (undetectable with scanners) but packets of authenticated users should still reach application level.

Well, there is more that I would need help with, but understanding this would be of HUGE help.

Thank you in advance to all who read this.

PS: I've checked the fwknop code, but it's waaay bigger than what I need to do, and I'd rather understand and do it myself than read code that already does it.

PS2: From C code, is opening a pipe to iptables still the best way to modify rules?

Thank you,
Charles Romestant.

--
Charz
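
One way to structure the open / keep-alive / close cycle listed in the message, as an added example that is not part of the original post or of fwknop. The `lease` struct, the function names and the three-missed-keep-alives threshold are assumptions; the rule is built as an argument vector intended for `execvp()` so the sniffed source address is validated and never parsed by a shell.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define MISSED_MAX 3   /* assumed: close after 3 missed keep-alives */

struct lease {                     /* hypothetical per-client state */
    char     src[INET_ADDRSTRLEN]; /* source address of the auth packet */
    unsigned port;                 /* service port opened for it */
    time_t   last_seen;            /* auth packet or last keep-alive */
};

/* Fill argv for: iptables -I|-D INPUT -s SRC -p tcp --dport PORT -j ACCEPT
 * op is 'I' (open) or 'D' (close). Returns argc, or -1 on bad input.
 * The vector is meant for execvp(), so no shell parses the sniffed address. */
int build_rule(char op, const struct lease *l, const char *argv[12], char portbuf[6])
{
    struct in_addr a;
    int i = 0;
    if ((op != 'I' && op != 'D') || l->port == 0 || l->port > 65535)
        return -1;
    if (inet_pton(AF_INET, l->src, &a) != 1)  /* only a dotted quad passes */
        return -1;
    snprintf(portbuf, 6, "%u", l->port);
    argv[i++] = "iptables"; argv[i++] = (op == 'I') ? "-I" : "-D";
    argv[i++] = "INPUT";    argv[i++] = "-s";    argv[i++] = l->src;
    argv[i++] = "-p";       argv[i++] = "tcp";
    argv[i++] = "--dport";  argv[i++] = portbuf;
    argv[i++] = "-j";       argv[i++] = "ACCEPT";
    argv[i] = NULL;
    return i;
}

/* 1 once the client has been silent for more than MISSED_MAX intervals. */
int lease_expired(const struct lease *l, time_t now, int interval_s)
{
    return difftime(now, l->last_seen) > (double)MISSED_MAX * interval_s;
}

int main(void)
{
    struct lease l = { "192.0.2.10", 22, 1000 };  /* constructed sample */
    const char *argv[12]; char pb[6];
    /* keep-alives every 10 s; last one at t=1000, now t=1031 -> close */
    char op = lease_expired(&l, 1031, 10) ? 'D' : 'I';
    int n = build_rule(op, &l, argv, pb);
    for (int i = 0; i < n; i++) printf("%s%c", argv[i], i + 1 < n ? ' ' : '\n');
    return n < 0;
}
```

Deleting with the same rule specification that was inserted removes exactly that client's rule, so the daemon needs no rule numbers, only the lease it stored at authentication time.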