iptables & DNS packets
Hi,
I'm trying to work out a way to inspect/modify DNS requests as an advertising filter. Iptables is a good place to do this, but I'm having some problems disassembling the packet.
Test:
On my dev box, when a DNS reply is returned from a request made on the dev box, I use this rule to route the reply packet through a queue:
iptables -A INPUT -p udp --sport 53 -j NFQUEUE --queue-num 1
Will the rule catch the inbound udp packet with the dns reply in it?
I get something in the queue, but it's unintelligible when attempting to disassemble the packet. I don't want to move on to looking at my program until I get some feedback on the rule.
Here's a primitive diagram of what I'm working towards:
host -> DNS request -> iptables (no outbound rules) -> DNS Server
     -> DNS Answer -> iptables (queue udp 53 packets)
     -> inspect packet program -> Allow/Deny -> host processes allowed packets
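One way to do the disassembly step from the diagram, added here as an example and not the poster's code: NFQUEUE hands user space the whole packet starting at the IPv4 header, so the parser first skips the IP and UDP headers (a common reason a queued packet "looks unintelligible" when read as a bare DNS message), then walks the DNS header, question and answer records, including compressed names, and returns the Allow/Deny decision. The sample packet, the blocked-domain set and the function names are constructed for this example.

```python
import struct
# Constructed sample (not from the post): IPv4 + UDP + DNS reply laid out as NFQUEUE hands it
# to user space, IP header first. It answers "ads.example.com" A 192.0.2.10 with a compression pointer.
def build_sample_reply() -> bytes:
    dns = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)           # QR=1, 1 question, 1 answer
    dns += b"\x03ads\x07example\x03com\x00" + struct.pack("!HH", 1, 1)  # QNAME, type A, class IN
    dns += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])  # name -> offset 12
    udp = struct.pack("!HHHH", 53, 40000, 8 + len(dns), 0) + dns       # sport 53, checksum omitted
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 53]), bytes([10, 0, 0, 2])) + udp

def read_name(dns: bytes, off: int):
    labels, end, hops = [], None, 0
    while (length := dns[off]):                     # a zero length byte ends the name
        if length & 0xC0 == 0xC0:                   # 2-byte pointer into an earlier name
            if (hops := hops + 1) > 16:             # refuse pointer loops in hostile packets
                raise ValueError("DNS name pointer loop")
            end = end if end is not None else off + 2
            off = struct.unpack("!H", dns[off:off + 2])[0] & 0x3FFF
        else:
            labels.append(dns[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    return ".".join(labels), (end if end is not None else off + 1)   # name, offset just past it

def parse_dns_reply(raw: bytes) -> dict:
    # The INPUT rule queues IPv4 UDP from sport 53: skip the IP header (IHL) and 8-byte UDP header.
    ihl = (raw[0] & 0x0F) * 4
    sport, _dport, ulen, _csum = struct.unpack("!HHHH", raw[ihl:ihl + 8])
    dns = raw[ihl + 8:ihl + ulen]
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", dns[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a reply")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(dns, off)
        questions.append(name)
        off += 4                                    # skip QTYPE and QCLASS
    for _ in range(an):
        name, off = read_name(dns, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", dns[off:off + 10])
        rdata, off = dns[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:               # A record: render as dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"sport": sport, "txid": txid, "questions": questions, "answers": answers}

def verdict(raw: bytes, blocked: set) -> str:
    # Allow/Deny for the queue: deny a reply naming a listed domain in its question or answers.
    reply = parse_dns_reply(raw)
    return "DENY" if (set(reply["questions"]) | {a[0] for a in reply["answers"]}) & blocked else "ALLOW"
```

In a real queue callback the `raw` bytes are the packet payload the NFQUEUE binding gives you, and "DENY" maps to dropping the packet while "ALLOW" maps to accepting it.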