Linux - Networking: This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
03-16-2002, 01:15 PM
#1
LQ Newbie
Registered: Mar 2002
Posts: 4
Execute a script from iptables
Hey all,
Does anyone know if there is any way to run a script from an iptables rule? Something along the lines of:
iptables -A INPUT -s 1.2.3.4 -j /usr/bin/my_script
Thanks,
pa

03-17-2002, 08:53 AM
#2
Moderator
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696
Isn't it better to get everything to a script and just run the script?

03-17-2002, 09:45 AM
#3
LQ Newbie
Registered: Mar 2002
Posts: 4
Original Poster
What do you mean by "get everything to a script"? And how would I do that?
thanks,
P

03-17-2002, 10:01 AM
#4
Moderator
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696
All rules are started from a script. You create a file with
#!/bin/sh
# modprobes, if needed
iptables -A INPUT whatever
.
.
.
You save the file, make it executable, and it's done. You can even add it to your boot scripts to run the firewall at boot.

03-17-2002, 10:38 AM
#5
LQ Newbie
Registered: Mar 2002
Posts: 4
Original Poster
<grin> What I meant was: is there any way to launch a script when a packet matches a particular rule? For example, if I have 3 Input rules:
1. iptables -A INPUT -s 1.2.3.4 -j ACCEPT
2. iptables -A INPUT -s 5.6.7.8 -j /usr/bin/my_script
3. iptables -A INPUT -s 9.10.11.12 -j ACCEPT
Is there any way to have my_script executed every time a packet matches rule #2?
Thanks again,
Doug

03-17-2002, 10:47 AM
#6
Moderator
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696
I'm not 100% sure, but I think it's impossible. Iptables won't let you. Rules have their syntax and there is no place for a script. But maybe there are other utilities that can do it.

03-17-2002, 07:15 PM
#7
Member
Registered: Feb 2002
Location: Orlando
Distribution: Whatever I feel like at the time I install.
Posts: 284
You would either have to write yourself a daemon or find one that runs in the background that would identify incoming IPs. Otherwise there isn't much hope.
|
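The background-daemon idea from post #7, as an added example that is not part of the thread: the rule sends matching packets to iptables' stock LOG target, and a watcher reads the kernel log and runs the script for each logged source. The `RUNSCRIPT: ` prefix, the 6/minute limit, the 60-second cooldown and the `journalctl` log source are assumptions made for this sketch; it handles IPv4 only.

```sh
#!/bin/sh
# Added example, not from the thread. Pair it with a rule that uses the stock
# LOG target; the limit match caps how often a flood can trigger the handler:
#   iptables -A INPUT -s 5.6.7.8 -m limit --limit 6/minute \
#            -j LOG --log-prefix "RUNSCRIPT: "
PREFIX="RUNSCRIPT: "                      # assumed; must equal --log-prefix
HANDLER="${HANDLER:-/usr/bin/my_script}"  # script path from the question
COOLDOWN="${COOLDOWN:-60}"                # assumed: seconds between runs per source

# Print the IPv4 source of a LOG line that carries PREFIX; return 1 otherwise.
extract_src() {
    case "$1" in *"$PREFIX"*" SRC="*) ;; *) return 1 ;; esac
    src=${1#*"$PREFIX"}; src=${src#* SRC=}; src=${src%% *}
    # Only digits and dots may reach the handler's argument list.
    case "$src" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $src; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s\n' "$src"
}

# Read log lines on stdin and run HANDLER <ip>, at most once per source per
# COOLDOWN seconds. "seen" holds ip@epoch entries, space separated.
watch_log() {
    seen=""
    while IFS= read -r line; do
        ip=$(extract_src "$line") || continue
        now=$(date +%s); last=0; keep=""
        for e in $seen; do
            if [ "${e%@*}" = "$ip" ]; then last=${e#*@}; else keep="$keep $e"; fi
        done
        if [ $((now - last)) -lt "$COOLDOWN" ]; then
            seen="$keep $ip@$last"
            continue
        fi
        seen="$keep $ip@$now"
        # </dev/null keeps the handler from consuming the log stream.
        "$HANDLER" "$ip" </dev/null || echo "handler failed for $ip" >&2
    done
}

# Feed it kernel messages only (assumes a systemd host):
if [ "${1:-}" = "--follow" ]; then journalctl -k -f -o short | watch_log; fi
```

Reading from a kernel-only source matters because a shared syslog file can contain lines written by local users that carry the same prefix text.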
All times are GMT -5.