lost and found ( for me ? )

netfilter queue ( python nfqueue )

A small tip: here is how to use Python nfqueue.

client : 192.168.11.30
nfqueue box : 192.168.11.100


# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 12.04.2 LTS"

# uname -ri
3.2.0-48-generic x86_64

Install a C compiler, the Python development headers, libnetfilter-queue, etc.
# apt-get install build-essential python-dev libnetfilter-queue-dev nfqueue-bindings-python python-nfqueue python-netfilter

# pip install NetfilterQueue

Add an iptables rule.
# iptables -I INPUT -d 192.168.10.0/24 -j NFQUEUE --queue-num 1

The following script prints and accepts the packets delivered to queue number 1.
# cat nf_queue_01.py
#!/usr/bin/env python

from netfilterqueue import NetfilterQueue

# Callback invoked for every packet delivered to the queue
def print_and_accept(pkt):
    pkt.accept()                        # verdict: let the packet through
    pkt_payload = pkt.get_payload()     # raw IP packet, headers included
    print("accept : %s" % pkt)
    print("payload: %s" % pkt_payload)

nfqueue = NetfilterQueue()
nfqueue.bind(1, print_and_accept)       # queue number 1, as in the iptables rule

try:
    nfqueue.run()                       # blocks until interrupted
except KeyboardInterrupt:
    print("")

Run the script.
# ./nf_queue_01.py

From the client, access the web server on the nfqueue box.
<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>

The output looks like this:
# ./nf_queue_01.py
accept : TCP packet, 60 bytes
payload: E<@@f(
(
wツiPキ[I"エ
`

accept : TCP packet, 52 bytes
payload: E4@@m(
(
wツiPキ[Y蘆蚶P.
`
」z
accept : TCP packet, 130 bytes
payload: E@@(
(
wツiPキ[Y蘆蚶?
`
」zGET / HTTP/1.1
User-Agent: curl/7.29.0
Host: 192.168.11.100
Accept: */*


accept : TCP packet, 52 bytes
payload: E4@@k(
(
wツiPキ[TY蘚ア{N
`
」|
accept : TCP packet, 52 bytes
payload: E4@@j(
(
wツiPキ[TY蘚ア{N
`
」|
accept : TCP packet, 52 bytes
payload: E4@@i(
(
wツiPキ[UY蘚イ{N
`
