I'm trying to create a system to filter out certain types of internet traffic on a network. Basically, I'd like to be able to inspect packets that are destined for the internet and choose whether to let them through or to simply drop them (think UDP packets).
The rules for deciding are rather complex and can't be written as simple firewall rules. I'd like to write a program to make this determination.
I've built a Linux system and am using arpspoof to ensure that all of the network traffic flows through this system. I know that I can set /proc/sys/net/ipv4/ip_forward to 0 or 1 to block all traffic from being forwarded or to allow everything through. I can also write firewall rules to do simple things.
How do I get all of the traffic to go through a program I've written to decide whether the data should be forwarded or dropped? What sorts of tools or systems should I be looking at?
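As an added example (not part of the question above, and not any answer's code), here is the usual Linux way to hand forwarded packets to a userspace program: an iptables NFQUEUE rule on the FORWARD chain plus a program that receives each queued packet, applies whatever policy it likes, and returns an ACCEPT or DROP verdict. The parsing and decision logic is plain Python and runs offline against constructed packets; the queue attachment at the bottom assumes the third-party `netfilterqueue` package and root on the forwarding host. The allowed-port policy in `decide()` is an arbitrary placeholder for the asker's "rather complex" rules.

```python
"""Userspace packet verdicts via Linux NFQUEUE: parse IPv4/UDP, return ACCEPT or DROP."""
import socket
import struct

# Kernel-side hook (assumed setup, run as root on the forwarding box, with
# ip_forward=1):   iptables -I FORWARD -p udp -j NFQUEUE --queue-num 1
# Every matching forwarded packet is then held until this program gives a verdict.

ACCEPT = "ACCEPT"
DROP = "DROP"

def parse_ipv4(packet: bytes):
    """Return (proto, src, dst, payload) for an IPv4 packet, or None if malformed."""
    if len(packet) < 20:
        return None
    ver_ihl = packet[0]
    if ver_ihl >> 4 != 4:
        return None
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes (options included)
    if ihl < 20 or len(packet) < ihl:
        return None
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return proto, src, dst, packet[ihl:total_len]

def parse_udp(segment: bytes):
    """Return (sport, dport, data) for a UDP segment, or None if malformed."""
    if len(segment) < 8:
        return None
    sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        return None
    return sport, dport, segment[8:length]

def decide(packet: bytes, allowed_udp_ports=frozenset({53, 123}), max_udp_payload=512) -> str:
    """Placeholder policy: drop malformed packets, pass non-UDP traffic,
    and let UDP through only to listed destination ports with small payloads."""
    ip = parse_ipv4(packet)
    if ip is None:
        return DROP
    proto, _src, _dst, payload = ip
    if proto != 17:                       # 17 = UDP; everything else is left alone here
        return ACCEPT
    udp = parse_udp(payload)
    if udp is None:
        return DROP
    _sport, dport, data = udp
    if dport not in allowed_udp_ports:
        return DROP
    if len(data) > max_udp_payload:
        return DROP
    return ACCEPT

def build_udp_packet(src: str, dst: str, sport: int, dport: int, data: bytes) -> bytes:
    """Construct a minimal IPv4/UDP packet (checksums zeroed) for offline testing."""
    udp_len = 8 + len(data)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def run_queue(queue_num: int = 1) -> None:
    """Attach to NFQUEUE and apply decide() to each packet (needs root + netfilterqueue)."""
    from netfilterqueue import NetfilterQueue   # third-party package, assumed installed

    def handle(pkt):
        # get_payload() returns the raw packet starting at the IP header
        if decide(pkt.get_payload()) == ACCEPT:
            pkt.accept()
        else:
            pkt.drop()

    nfq = NetfilterQueue()
    nfq.bind(queue_num, handle)
    try:
        nfq.run()
    finally:
        nfq.unbind()

if __name__ == "__main__":
    run_queue()
```

One caveat worth knowing before building on this: while the program holds a packet, the kernel holds it too, so a slow or crashed verdict loop stalls the whole forwarded flow; keep `decide()` cheap, and decide up front whether the iptables rule should use `--queue-bypass` so traffic is accepted rather than stuck if the program dies.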