--- Jan Engelhardt <[EMAIL PROTECTED]> wrote: > > On Jun 19 2007 10:14, Marc Perkel wrote: > >> > >> tcpdump -lni any port 25 > >> iptables -p tcp --dport 25 -j NFQUEUE > >> ... > >> > > > >Thanks Jan, but I'm not sure it answers my > question. > > There's more than one way to do it. > > One is... > tcpdump -lni eth0 tcp [extra operands to match SYN > packets] | > myprogram > > a longer one is to write your own netfilter > userspace program > that receives the TCP SYNs (by means of -j NFQUEUE) > and does > take action. > > Another one is to use -j LOG and let your program > parse > down /var/log/firewall. Like > > iptables -A INPUT -p tcp --dport 25 --syn -j LOG > --log-prefix "[evil]" > tail -f /var/log/firewall | grep '^\[evil\]' | > myscript > > myscript: > #!/usr/bin/perl > > while (defined(my $line = <>)) { > my($ip) = ($line =~ /SRC=(\S+)/); > # Do something > } > > >I want to run a script every time a connection > attempt is made in real time > > The scripts runs constantly, preferably. > > >with the IP address as a parameter to the script. > How would I do that? Suppose > >my script is: > > > >iplog <ipaddress> > > > > > > > > > > > >____________________________________________________________________________________ > >Take the Internet to Go: Yahoo!Go puts the Internet > in your pocket: mail, news, photos & more. > >http://mobile.yahoo.com/go?refer=1GNXIC > >
Thanks Jan, I think what you sent me is workable. I noticed it goes to the file /var/log/messages. Is there a way to make it go to a specific file? Thanks a lot for your help. I've been experimenting with some new and very interesting ways to catch spam and this could be yet another breakthrough. ____________________________________________________________________________________ Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/