I'm fairly new to netfilter as well and this might or might not be helpful.

The netfilter hacking document available here:
http://www.netfilter.org/documentation/HOWTO//netfilter-hacking-HOWTO.txt
talks about the various hooks that a program can register for. Maybe that
would be a feasible way of calling a script.

The flow might look something like this:

Call hook on packet receive >> Check against filters >> [Perform your
operations] >> Send out one of the 5 statuses for what to do next.
(NF_ACCEPT, NF_DROP, ...)

I was in the same boat trying to find something that would call a remote
API endpoint for all packets that matched a filter.

Hope that helps,
Abhi

On Thu, Mar 8, 2012 at 11:19 AM, Andrew Beverley <andy@xxxxxxxxxxx> wrote:
> On Thu, 2012-03-08 at 13:45 +0100, tobi wrote:
>> As mentioned in subject I want to run an external script upon matching
>> of a certain rule.
>
> I'm not aware of any way to do that. What exactly do you want to
> achieve? It may be that there is another way of doing what you want.
>
> Andy
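
The hook flow sketched in the reply above, as an added example that is not part of the original thread and not kernel code: a userspace C model of how the hooks registered at one hook point are walked and how each verdict affects traversal. The verdict names and values are those of `<linux/netfilter.h>`; `struct pkt`, `struct hook`, `run_hooks`, `count_ssh`, `drop_telnet`, `demo` and `MAX_REPEAT` are hypothetical names made up for this model.

```c
/* Userspace model (constructed) of walking the hooks at one netfilter hook
 * point. Verdict values match <linux/netfilter.h>; the rest is illustrative. */
#include <stddef.h>

enum { NF_DROP, NF_ACCEPT, NF_STOLEN, NF_QUEUE, NF_REPEAT };

struct pkt { unsigned char proto; unsigned short dport; };  /* stand-in for sk_buff */
typedef unsigned int (*hookfn)(struct pkt *p, void *priv);
struct hook { hookfn fn; int priority; void *priv; };       /* cf. nf_hook_ops */

#define MAX_REPEAT 4  /* model-only guard against a hook that always repeats */

/* Walk hooks (assumed already sorted by ascending priority); return the verdict. */
unsigned int run_hooks(const struct hook *h, size_t n, struct pkt *p)
{
    for (size_t i = 0; i < n; i++) {
        unsigned int v = NF_REPEAT;
        for (int tries = 0; v == NF_REPEAT && tries < MAX_REPEAT; tries++)
            v = h[i].fn(p, h[i].priv);      /* NF_REPEAT: call this hook again */
        if (v == NF_REPEAT) return NF_DROP; /* model choice: give up and drop */
        if (v != NF_ACCEPT) return v;       /* DROP/STOLEN/QUEUE end traversal */
    }
    return NF_ACCEPT;                       /* every hook accepted the packet */
}

/* The flow from the message: check a filter, do the work, return a verdict.
 * The "work" here only counts matches; priv points at the counter. */
unsigned int count_ssh(struct pkt *p, void *priv)
{
    if (p->proto == 6 && p->dport == 22)    /* filter: TCP to port 22 */
        ++*(unsigned long *)priv;           /* [perform your operations] */
    return NF_ACCEPT;                       /* let traversal continue */
}

/* A later hook that drops TCP port 23, to show traversal stopping. */
unsigned int drop_telnet(struct pkt *p, void *priv)
{
    (void)priv;
    return (p->proto == 6 && p->dport == 23) ? NF_DROP : NF_ACCEPT;
}

/* Constructed sample: run one TCP packet through both hooks. */
unsigned int demo(unsigned short dport, unsigned long *matches)
{
    struct hook chain[] = { { count_ssh, -100, matches }, { drop_telnet, 0, NULL } };
    struct pkt p = { 6, dport };
    return run_hooks(chain, 2, &p);
}
```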