IPTables Packet handling
Hi,
I have been trying to figure out how I would be able to set up iptables to forward the original or a copy of packets to another filtering system for additional filtering.
Example:
--- Packet ---> [IPTables-Pre-State] ---> [Additional Filter] ---> [IPTables-Post-State]
OR
--- Packet --> [IPTables-Pre-State] ---> [IPTables-Post-State] --> [Copy send to Additional Filtering System as well as out the interface]
I wanted to try a few things in my spare time to build an open-source filter based on L7 by reading the packets' content and adjusting the IPTables rule on an as-needed basis where an application is allowed or not...
Similar to what NGFWs are doing.
Thanks