Linux – How to pass to NFQUEUE all incoming connection packets

I develop an application to inspect packets arriving on a linux machine.
I would like to send in NFQUEUE all the incoming connection packets and only the incoming ones. Not only --state NEW but also --state ESTABLISHED, RELATED for connections that are initiated by a client.

One last thing, to make the tcp handshake for all ports I need this rule to works in addition:

iptables -A PREROUTING -t nat -p tcp -match multiport! --dport 64646 -j REDIRECT --to-ports 1234

Flow example:

ssh connection (port 22) initiated by 1.2.3.4 to my server
server passes in nfqueue the SYN and accept
redirect rule (22 -> 1234)
python script is listening on port 1234 so SYN/ACK is sent
client gets SYN/ACK and returns ACK
server passes in nfqueue the ACK and accept
redirect rule (22 -> 1234)
the client returns ACK, DATA
server passes in nfqueue the ACK/DATA
redirect rule (22 -> 1234)
server does not know the protocol and always returns the same message, the connection is closed.

Any help would be very appreciated.

Thank you!

# Accept our ssh on a modified port iptables -A PREROUTING -t raw -p tcp --dport 64646 -j ACCEPT # Mark all packets of incoming NEW connection with mark 1 (netfilter connmark) iptables -A PREROUTING -t mangle -m state --state NEW -j CONNMARK --set-mark 1 # Push into nfqueue all marked packets (netfilter nfqueue) iptables -A PREROUTING -t mangle -m connmark --mark 1 -j NFQUEUE --queue-num 0 # Redirect all incoming connections to the userland listener to make TCP handshake iptables -A PREROUTING -t nat -p tcp --match multiport ! --dport 64646 -j REDIRECT --to-ports 1234

Linux – How to pass to NFQUEUE all incoming connection packets

Best Answer

Related Topic

Best Answer

Related Solutions

Iptables for local connections

Linux – Trying to make iptables stateless is causing unforeseen filtering

Related Topic