
At 11:19 27/04/2004, you wrote:
On Mon, 2004-04-26 at 21:25, DrWho? wrote:
My idea was to use a callback to hook port 80 and use a perl script to reverse lookup the IP address and look for .nz at the end and pass/fail thereafter.
It's not production-ready since I just wrote it by hacking the example code that came with IPTables::IPv4::IPQueue apart, but here's the basics of how it's done.
You'll need the 'Userspace queueing via NETLINK' kernel module (ip_queue.ko) and the IPTables::IPv4::IPQueue and NetPacket::IP perl modules.
First hook port 80 like this:
iptables -A INPUT -p tcp --dst $me --dport 80 -j QUEUE
I assume it will work if I just hook SYN requests? I will try it and see.
And the perl script goes something like this:
Thanks, I thought it should be possible, even if it is slow and nasty <grin>. Time for some kernel hacking.
#! /usr/bin/perl
use warnings;
use strict;
use IPTables::IPv4::IPQueue qw(:constants);
use NetPacket::IP;
use Socket;

# get_message() takes its timeout in microseconds: wait up to 2 seconds
use constant TIMEOUT => 1_000_000 * 2;

my ($queue, $msg, $ip, $host);

# Copy the packet contents (not just metadata) so the IP header can be decoded
$queue = IPTables::IPv4::IPQueue->new(copy_mode => &IPQ_COPY_PACKET, copy_range => 2048)
    or die IPTables::IPv4::IPQueue->errstr;

while (1) {
    $msg = $queue->get_message(TIMEOUT);
    if (!defined $msg) {
        next if IPTables::IPv4::IPQueue->errstr eq 'Timeout';
        die IPTables::IPv4::IPQueue->errstr;
    }
    if ($msg->data_len()) {
        $ip = NetPacket::IP->decode($msg->payload());
        # Reverse lookup of the source address; undef when there is no PTR record
        $host = gethostbyaddr(inet_aton($ip->{src_ip}), AF_INET);
        #print "Packet from: ", $ip->{src_ip}, " - ", (defined $host ? $host : '(no PTR)'), " ... ";
        # PTR names are case-insensitive, and an undef $host must not pass
        if (defined $host && $host =~ /\.nz$/i) {
            #print "ACCEPT\n";
            $queue->set_verdict($msg->packet_id, NF_ACCEPT);
        } else {
            # No PTR record, or not under .nz: fail closed
            #print "DROP\n";
            $queue->set_verdict($msg->packet_id, NF_DROP);
        }
    } else {
        # no data? drop anything that arrived without a payload copy
        #print "Dropping empty packet: ", $msg->packet_id(), "\n";
        $queue->set_verdict($msg->packet_id, NF_DROP);
    }
}
-- Colin Palmer <colinp(a)waikato.ac.nz> University of Waikato, ITS Division
_______________________________________________ wlug mailing list | wlug(a)list.waikato.ac.nz Unsubscribe: http://list.waikato.ac.nz/mailman/listinfo/wlug
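The decision logic of the perl script above, as an added example in Python that is not part of this thread: a constructed PTR table stands in for gethostbyaddr(), constructed IPv4/TCP headers stand in for packets handed up by the QUEUE target, and the verdict is cached per source address so that only the connection-opening SYN costs a lookup (later packets of an already-decided source reuse the cached verdict; a non-SYN from an undecided source is dropped). It also exercises the two cases a practitioner would want handled: a source with no PTR record (fail closed) and a name that contains "nz" somewhere other than the top-level label. All addresses are from the RFC 5737 documentation ranges and all host names are made up; nothing is read from a real kernel queue.

```python
"""Verdict logic for a reverse-DNS country filter on port 80 (constructed demo)."""
import socket
import struct
from typing import Callable, Dict, Optional, Tuple

NF_ACCEPT = "NF_ACCEPT"
NF_DROP = "NF_DROP"

# Constructed PTR table standing in for gethostbyaddr(); none of these are real hosts.
FAKE_PTR: Dict[str, str] = {
    "203.0.113.10": "www.example.ac.nz",
    "203.0.113.11": "Host.Example.Net.NZ",                  # mixed case, still under .nz
    "198.51.100.20": "nz.example.com",                      # "nz" is not the TLD
    "198.51.100.21": "www.example.co.nz.evil.example.org",  # same trick, longer name
    # 192.0.2.30 deliberately has no PTR record
}


def fake_resolver(ip: str) -> Optional[str]:
    """Stand-in for socket.gethostbyaddr(): the PTR name, or None when there is none."""
    return FAKE_PTR.get(ip)


def parse_ipv4_tcp(pkt: bytes) -> Optional[Tuple[str, int]]:
    """Return (src_ip, tcp_flags) for an IPv4/TCP packet, None for anything else."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6 or len(pkt) < ihl + 20:
        return None
    src_ip = socket.inet_ntoa(pkt[12:16])
    flags = pkt[ihl + 13]  # TCP flags byte: 0x02 = SYN, 0x10 = ACK
    return src_ip, flags


def host_allowed(host: Optional[str], suffix: str = ".nz") -> bool:
    """Fail closed: no PTR -> not allowed. The suffix is anchored at the end of the
    name, so 'nz.example.com' does not pass; names are compared case-insensitively."""
    if host is None:
        return False
    return host.lower().rstrip(".").endswith(suffix)


class Filter:
    def __init__(self, resolve: Callable[[str], Optional[str]], suffix: str = ".nz"):
        self.resolve = resolve
        self.suffix = suffix
        self.cache: Dict[str, str] = {}  # src_ip -> verdict, decided on the SYN
        self.lookups = 0

    def verdict(self, pkt: bytes) -> str:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            return NF_DROP  # not IPv4/TCP: same as the script's "empty packet" branch
        src_ip, flags = parsed
        if src_ip in self.cache:
            return self.cache[src_ip]
        if (flags & 0x12) != 0x02:  # not a bare SYN and no cached decision
            return NF_DROP  # fail closed rather than resolve mid-connection
        self.lookups += 1
        v = NF_ACCEPT if host_allowed(self.resolve(src_ip), self.suffix) else NF_DROP
        self.cache[src_ip] = v
        return v


def build_tcp_packet(src_ip: str, flags: int, dport: int = 80) -> bytes:
    """Constructed IPv4 + TCP header (checksums left zero; enough for the verdict logic)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton("192.0.2.1"))
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 0x50, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr


SYN, ACK = 0x02, 0x10


def demo() -> Dict[str, object]:
    f = Filter(fake_resolver)
    results: Dict[str, object] = {
        "nz_host": f.verdict(build_tcp_packet("203.0.113.10", SYN)),
        "nz_mixed_case": f.verdict(build_tcp_packet("203.0.113.11", SYN)),
        "nz_in_middle": f.verdict(build_tcp_packet("198.51.100.20", SYN)),
        "nz_then_other_tld": f.verdict(build_tcp_packet("198.51.100.21", SYN)),
        "no_ptr": f.verdict(build_tcp_packet("192.0.2.30", SYN)),
        "ack_after_syn": f.verdict(build_tcp_packet("203.0.113.10", ACK)),  # cached
        "ack_unknown_src": f.verdict(build_tcp_packet("192.0.2.40", ACK)),
        # IPv4 header with protocol 17 (UDP) and no TCP header to parse
        "not_tcp": f.verdict(b"\x45" + b"\x00" * 8 + b"\x11" + b"\x00" * 30),
    }
    results["lookups"] = f.lookups
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value}")
```

Two points the demo makes concrete: the reverse lookup happens inside the verdict loop, so every SYN from an undecided source holds up the queue for as long as the DNS round trip takes (the 2-second timeout in the perl script is on the queue read, not on the lookup), and the PTR record is set by whoever runs the reverse zone for the source netblock, so the check tells you what the address holder says about the host, not where the packet came from.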