Execute a script from iptables

padukes · 03-16-2002, 12:15 PM

Hey all,

Does any know if there isany way to run a script from an iptables rule? Something along the lines of:

iptables -A INPUT -s 1.2.3.4 -j /usr/bin/my_script

Thanks,
pa

Mara · 03-17-2002, 07:53 AM

Isn't it better to get everything to a script and just run the script?

padukes · 03-17-2002, 08:45 AM

What do you mean by "get everything to a script"? and how would I do that?

thanks,
P

Mara · 03-17-2002, 09:01 AM

All rules started from a script. You create file with
#!/bin/sh
#modprobes, if needed
iptables -A input whatever
.
.
.
You save the file, make it executable, and it's done. You can even add it to your boot scripts to run firewall at boot.

padukes · 03-17-2002, 09:38 AM

<grin> what I meant was is there any way to launch a script when a packet matches a particular rule. For example, if i have 3 Input rules:

1. iptables -A INPUT -s 1.2.3.4 -j ACCEPT
2. iptables -A INPUT -s 5.6.7.8 -j /usr/bin/my_script
3. iptables -A INPUT -s 9.10.11.12 -j ACCEPT

Is there any way to have my_script executed every time a packet matches rule #2?

Thanks again,
Doug

Mara · 03-17-2002, 09:47 AM

I'm not 100% sure, but I think it's impossible. Iptables won't let you. Rules have their syntax and there is no place for a script. But maybe there are other utilities that can do it.

bbenz3 · 03-17-2002, 06:15 PM

You would either have to write yourself a daemon or find one that runs in the background that would identify incoming IPs. Otherwise there isn't much hope.