On Jun 19 2007 10:14, Marc Perkel wrote: >> >> tcpdump -lni any port 25 >> iptables -p tcp --dport 25 -j NFQUEUE >> ... >> > >Thanks Jan, but I'm not sure it answers my question.
There's more than one way to do it. One is... tcpdump -lni eth0 tcp [extra operands to match SYN packets] | myprogram a longer one is to write your own netfilter userspace program that receives the TCP SYNs (by means of -j NFQUEUE) and does take action. Another one is to use -j LOG and let your program parse down /var/log/firewall. Like iptables -A INPUT -p tcp --dport 25 --syn -j LOG --log-prefix "[evil]" tail -f /var/log/firewall | grep '^\[evil\]' | myscript myscript: #!/usr/bin/perl while (defined(my $line = <>)) { my($ip) = ($line =~ /SRC=(\S+)/); # Do something } >I want to run a script every time a connection attempt is made in real time The scripts runs constantly, preferably. >with the IP address as a parameter to the script. How would I do that? Suppose >my script is: > >iplog <ipaddress> > > > > > >____________________________________________________________________________________ >Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, >news, photos & more. >http://mobile.yahoo.com/go?refer=1GNXIC > Jan -- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/