mimanium (at) hotmail (dot) com [email concealed] wrote:
> Of corse!
>
> The C programme will be a network intrusion prevention system (NIPS)that sits inline, it must capture packets from the first NIC, analyse them then decide whether to let them pass throu the second nic or to drop them.
> I know the libpcap and the libnids do only copy the packets and don't allow to drop them.
>
> I am a newbe in IPtables and I wonder if I could use them for such a purpose.
>
Why not use the ip_queue (old) or newer libnetlink_queue (new) interface
for that? These are designed to do just that. For example look at how
the snort_inline project handles this.
> Of corse!
>
> The C programme will be a network intrusion prevention system (NIPS)that sits inline, it must capture packets from the first NIC, analyse them then decide whether to let them pass throu the second nic or to drop them.
> I know the libpcap and the libnids do only copy the packets and don't allow to drop them.
>
> I am a newbe in IPtables and I wonder if I could use them for such a purpose.
>
Why not use the ip_queue (old) or newer libnetlink_queue (new) interface
for that? These are designed to do just that. For example look at how
the snort_inline project handles this.
Regards,
Victor
[ reply ]