netfilter queue ( python nfqueue )

small tips. here is how to use python nfqueue.

client : 192.168.11.30

nfqueue box : 192.168.11.100

just referred to https://pypi.python.org/pypi/NetfilterQueue

# tail -1 /etc/lsb-release DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS" # uname -ri 3.2.0-48-generic x86_64

install C compiler, Python dev and Libnetfilter queue etc.

# apt-get install build-essential python-dev libnetfilter-queue-dev nfqueue-bindings-python python-nfqueue python-netfilter # pip install NetfilterQueue

add a iptables rule.

# iptables -I INPUT -d 192.168.10.0/24 -j NFQUEUE --queue-num 1

The following script will print and accept packets queued in number 1.

# cat -n nf_queue_01.py     1  #!/usr/bin/env python     2     3  from netfilterqueue import NetfilterQueue     4     5  def print_and_accept(pkt):     6          pkt.accept()     7          pkt_payload = pkt.get_payload()     8          print "accept : %s" % pkt     9          print "payload: %s" % pkt_payload    10    11  nfqueue = NetfilterQueue()    12  nfqueue.bind(1, print_and_accept)    13    14  try:    15          nfqueue.run()    16  except KeyboardInterrupt:    17          print

run the script

# ./nf_queue_01.py

from the client , access to the nfqueue box.

# curl http://192.168.11.100 <html><body><h1>It works!</h1> <p>This is the default web page for this server.</p> <p>The web server software is running but no content has been added, yet.</p> </body></html>

The outputs are like this:

# ./nf_queue_01.py accept : TCP packet, 60 bytes payload: E<@@f( ( wﾂiPｷ[I"ｴ ` accept : TCP packet, 52 bytes payload: E4@@m( ( wﾂiPｷ[Y蘆蚶P. ` ｣z accept : TCP packet, 130 bytes payload: E@@( ( wﾂiPｷ[Y蘆蚶? ` ｣zGET / HTTP/1.1 User-Agent: curl/7.29.0 Host: 192.168.11.100 Accept: */* accept : TCP packet, 52 bytes payload: E4@@k( ( wﾂiPｷ[TY蘚ｱ{N ` ｣| accept : TCP packet, 52 bytes payload: E4@@j( ( wﾂiPｷ[TY蘚ｱ{N ` ｣| accept : TCP packet, 52 bytes payload: E4@@i( ( wﾂiPｷ[UY蘚ｲ{N `