LinuxQuestions.org
Old 08-15-2005, 05:55 AM   #1
<Ol>Origy
Member
 
Registered: Aug 2003
Location: Slovenia
Distribution: Arch, Debian, Embedded
Posts: 136

Rep: Reputation: 15
iptables packet data filtering firewall


Hello, I needs helpz0r!

Are there any good tutorials on how to create a firewall with iptables that examines the contents of a packet and drops those packets that match a certain pattern of bytes at a certain location from the beginning of the packet data but forwards the rest of the packets that don't?
Similar to Winsock Packet Editor Pro Alpha (WPE) for Windows XP where you can tell it to drop packets (for a chosen process) that have a certain string or given sequence of bytes found inside the packet data section at a given location... Example: a packet that has byte 0A at position 3 and byte FF at position 8 from the beginning - drop it!
However, WPE lacks features, so I'd like to have a Linux version with a few more features:

some math - see if byte A matches sum of byte B and C
check the length of packet data and see if it exceeds a given limit depending on what bytes the packet begins with
etc.

To me this sounds like I only have to retrieve the packet data from iptables into a custom script I'm supposed to write, which then analyzes the packet and tells iptables whether it is safe to forward it or to drop it.

I would need this so that I can safely host a server for an older PC game because there are lots of hackers who keep crashing servers and doing other damage. I need it to block those attacks (yes, I know what the attack packets look like, the ports used and protocols).

Thanks in advance!
 
Old 08-15-2005, 06:07 AM   #2
<Ol>Origy
Member
 
Registered: Aug 2003
Location: Slovenia
Distribution: Arch, Debian, Embedded
Posts: 136

Original Poster
Rep: Reputation: 15
Something like a proxy would be necessary if I'm correct. A game connects to that proxy instead of the actual server and the proxy then forwards the connection to the actual server but watches for bad packets and drops them.
On a sub-related note: Is there a Windows firewall already capable of doing this?
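
The payload checks described in post #1 (fixed bytes at given offsets, one byte equal to the sum of two others, a length limit keyed on the leading bytes), written as a decision function; this is an added example, not part of the thread. Offsets are assumed 0-based, the sum is assumed modulo 256, and the second and third rules use constructed values; how packets reach the function (for instance through iptables' userspace queue target) is not shown.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ByteAt:
    """Matches when every (offset, value) pair is present in the payload."""
    pairs: tuple
    def matches(self, p: bytes) -> bool:
        # A payload too short to contain an offset cannot match.
        return all(off < len(p) and p[off] == val for off, val in self.pairs)

@dataclass(frozen=True)
class SumEquals:
    """Matches when payload[a] == (payload[b] + payload[c]) mod 256."""
    a: int
    b: int
    c: int
    def matches(self, p: bytes) -> bool:
        if max(self.a, self.b, self.c) >= len(p):
            return False
        return p[self.a] == (p[self.b] + p[self.c]) & 0xFF

@dataclass(frozen=True)
class TooLongFor:
    """Matches when the payload starts with `prefix` and exceeds `limit` bytes."""
    prefix: bytes
    limit: int
    def matches(self, p: bytes) -> bool:
        return p.startswith(self.prefix) and len(p) > self.limit

# Rule 1 is the example from the post; rules 2 and 3 are constructed values.
RULES = (
    ByteAt(((3, 0x0A), (8, 0xFF))),
    SumEquals(a=0, b=1, c=2),
    TooLongFor(prefix=b"\x01\x02", limit=16),
)

def verdict(payload: bytes, rules=RULES) -> str:
    """Return 'DROP' if any rule matches the packet data, else 'ACCEPT'."""
    return "DROP" if any(r.matches(payload) for r in rules) else "ACCEPT"

if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    for sample in (bytes([9, 1, 1, 0x0A, 0, 0, 0, 0, 0xFF]),
                   bytes([9, 1, 1, 0x0A, 0, 0, 0, 0, 0x00]),
                   b"\x01\x02" + b"\x07" * 20):
        print(sample.hex(), verdict(sample))
```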
 
  

