Create Iptables Rule Per Process/Service


It looks like the owner iptables module is what you want. First, check if it's available on your system:

iptables -m owner --help

You can read more here: http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH

Run a system command when an IPTables rule is matched

Here is how you do it:

# Single quotes keep an interactive bash from treating the "!!!" as history expansion.
iptables -I FORWARD -p tcp --dport 80 -d a.b.c.d -j LOG --log-prefix='TRIGGER ME NOW !!!'

tail -f some-logfile | awk '/some-pattern/ {system("run-some-command")}'

Should be straightforward enough and should be able to deal with lots of traffic; the tail command should be quick enough... Just make sure the file doesn't grow too much.
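The `tail | awk` trigger above passes whatever matches the pattern into `system()`. An added example, not part of any answer on this page, showing a tighter version of the same idea in Python: it parses kernel log lines produced by the iptables LOG target, fires only on an exact `--log-prefix` match, extracts SRC/DST/DPT, rate-limits per source so a burst of packets does not spawn a process per line, and invokes the responder as an argv list rather than a shell string. The log lines and the responder path `/usr/local/sbin/on-trigger` are constructed for the example.

```python
import re
import subprocess
import time

# Prefix exactly as set in the LOG rule. iptables appends the packet fields
# directly after it, so a prefix without a trailing space runs into "IN=".
LOG_PREFIX = "TRIGGER ME NOW !!!"

# Key=value fields emitted by the LOG target; bare flags (DF, SYN) have no '='.
FIELD_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S+)")

# Constructed sample syslog lines, not taken from a real host.
SAMPLE_LOG = """\
Jun 10 12:00:01 gw kernel: [1234.001] TRIGGER ME NOW !!!IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 10 12:00:01 gw kernel: [1234.002] TRIGGER ME NOW !!!IN=eth0 OUT=eth1 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=51235 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 10 12:00:02 gw kernel: [1234.100] OTHER-RULE IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=40 PROTO=TCP SPT=4444 DPT=22
Jun 10 12:00:03 gw sshd[812]: Accepted publickey for alice from 192.0.2.20 port 50000
Jun 10 12:00:04 gw kernel: [1235.000] TRIGGER ME NOW !!!IN=eth0 OUT=eth1 SRC=192.0.2.11 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=40000 DPT=80 SYN
"""


def parse_log_line(line, prefix=LOG_PREFIX):
    """Return the packet fields of a LOG line carrying `prefix`, else None."""
    marker = "kernel:"
    idx = line.find(marker)
    if idx < 0:
        return None                      # not a kernel message at all
    payload = line[idx + len(marker):]
    # Strip the optional "[uptime]" stamp the kernel prepends to its messages.
    payload = re.sub(r"^\s*\[[^\]]*\]\s*", "", payload)
    if not payload.startswith(prefix):
        return None                      # some other rule's LOG output
    rest = payload[len(prefix):]
    return {m.group("key"): m.group("value") for m in FIELD_RE.finditer(rest)}


class Trigger:
    """Fires `handler(fields)` at most once per source address per `cooldown` seconds."""

    def __init__(self, handler=None, cooldown=60.0, clock=time.monotonic):
        self.handler = handler
        self.cooldown = cooldown
        self.clock = clock
        self.last_fired = {}             # SRC -> time of last firing

    def feed(self, line):
        fields = parse_log_line(line)
        if fields is None or "SRC" not in fields:
            return None
        now = self.clock()
        src = fields["SRC"]
        if now - self.last_fired.get(src, float("-inf")) < self.cooldown:
            return None                  # repeat from same source, suppressed
        self.last_fired[src] = now
        if self.handler is not None:
            self.handler(fields)
        return fields


def run_command_handler(fields):
    """Run the responder with an argv list: no shell, so log content is never reparsed."""
    # Hypothetical responder path; replace with the real script.
    subprocess.run(
        ["/usr/local/sbin/on-trigger", fields["SRC"], fields.get("DST", ""), fields.get("DPT", "")],
        check=False,
    )


def process_log(text, handler=None, cooldown=60.0, clock=time.monotonic):
    """Feed every line of `text` to a Trigger; return the field dicts that fired."""
    trig = Trigger(handler, cooldown, clock)
    fired = []
    for line in text.splitlines():
        fields = trig.feed(line)
        if fields is not None:
            fired.append(fields)
    return fired


if __name__ == "__main__":
    # Offline demo on the constructed lines; swap the handler for run_command_handler
    # and read from `tail -F` on stdin for live use.
    for f in process_log(SAMPLE_LOG, handler=lambda f: print("fired:", f["SRC"], "->", f.get("DST"), "port", f.get("DPT"))):
        pass
```

Two lines from 192.0.2.10 arrive within the cooldown, so only the first fires; the `OTHER-RULE` line and the sshd line are rejected by the prefix check and the `kernel:` check respectively.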

How can I use iptables to make a TCP proxy between me and an outside service?

You can try using the owner module and skip the redirection for the traffic coming from the proxy. Check for --uid-owner or --pid-owner; you should be able to differentiate the traffic based on either of these.

Something like this,

iptables -t nat -I OUTPUT -m owner -p tcp -d <address> --dport <port> --uid-owner <proxy-owner> -j ACCEPT

Linux per program firewall similar to windows and mac counterparts

To answer your 3rd point.
There is such a program which provides zenity popups, it is called Leopard Flower:
http://sourceforge.net/projects/leopardflower

How to manipulate iptables rules from a web script

When you call system("iptables -L"); you may or may not be able to find iptables, depending on your PATH environment variable. You should prepend the path to where the binary is so that you know it will be found:

int result = system("/sbin/iptables -L");

