In continuation with the previous blog, we will now have a look at a basic agent which can act as a firewall. This firewall will drop all the packets outgoing to a particular IP destination and let other packets go through.
First we ensure that the following IPTABLES rule is installed:
sudo iptables -A OUTPUT -p ip -j NFQUEUE --queue-num 0
We can validate this by listing all the iptable rules using:
sudo iptables –list
In the first blog of this series, we will focus on the concept of packet interception in user space and later on we will also look into use cases pertaining to this concept.
Such a user space agent can be developed using C (Python also has a similar set of libraries.) on a linux based OS.
Following external libraries would be required:
* libnfnetlink: A low level library for kernel/userspace communication
* libnetfilter_queue: A userspace library providing an API for packets queued by kernel
* libmnl: Internally used by libnetfilter_queue
Additionally, a command line utility called IPTABLES is also needed in order to install rules. Continue reading
talentica.wordpress.com 