Networking Forums

firewall design

 
 
Sridhar Natarajan
      12-28-2004, 12:36 PM
I aspire to design a content-based packet filter (in a router) in this
manner:
* disable the routing function.
* use tcpdump to monitor and capture packets on the incoming
interface.
* parse the packet content up to the application-layer content and
check if it matches the filtering criteria.
* if not, inject the packet into the outgoing interface by hacking
the kernel network testing mechanism ("Packet Generator" of Linux
2.4) to generate a copy of the packet.
I need suggestions on this strategy.
 
Tauno Voipio
      12-28-2004, 08:29 PM
Sridhar Natarajan wrote:
> I aspire to design a content-based packet filter (in a router) in this
> manner:
> * disable the routing function.
> * use tcpdump to monitor and capture packets on the incoming
> interface.
> * parse the packet content up to the application-layer content and
> check if it matches the filtering criteria.
> * if not, inject the packet into the outgoing interface by hacking
> the kernel network testing mechanism ("Packet Generator" of Linux
> 2.4) to generate a copy of the packet.
> I need suggestions on this strategy.


Don't.

There is a good way to get packets into and out of
the network stack at the driver level: the tun/tap
device driver. Have a look at it, so you do not
need to do a kludge into the network stack.

To use it, you have to enable packet forwarding.

The proper way to limit what is forwarded and where is using iptables.

--

Tauno Voipio
tauno voipio (at) iki fi

 
Jose Maria Lopez Hernandez
      01-16-2005, 06:00 PM
Sridhar Natarajan wrote:
> I aspire to design a content-based packet filter (in a router) in this
> manner:
> * disable the routing function.
> * use tcpdump to monitor and capture packets on the incoming
> interface.
> * parse the packet content up to the application-layer content and
> check if it matches the filtering criteria.


You can use snort-inline to read the tcpdump files and very simple rules
to stop the traffic you want to.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"