Is it possible to call an external program from iptables to qualify an arriving packet?

I’d like iptables to call my own program when a certain packet arrives, pass the packet body to it, and alter its behavior according to the returned result.
Is it possible? And how?

Answer

iptables is the user-space application which controls the Linux firewall. The Linux firewall, named netfilter, is a set of kernel hooks which perform specific actions on received traffic, and it cannot call any application when a packet is received.

You can use a module (target) like NFQUEUE to queue matched packets to be received by a user-space application for further processing.

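Added example (not part of the answer or its author's code) showing the two halves of the NFQUEUE approach: an assumed iptables rule hands matching packets to queue 1, and a user-space program returns an accept/drop verdict per packet. It assumes the third-party Python `NetfilterQueue` binding and root privileges; the deny-list tokens and the packet builder are constructed for illustration.

```python
"""User-space packet qualifier fed by NFQUEUE (hypothetical example).

Assumed kernel-side rule (run as root):
    iptables -I INPUT -p tcp --dport 8080 -j NFQUEUE --queue-num 1 --queue-bypass
--queue-bypass makes the kernel ACCEPT when nothing is bound to the queue, so a
crashed qualifier fails open instead of silently blackholing port 8080.
"""
import struct

BLOCKED_TOKENS = (b"../", b"<script")   # constructed sample deny-list


def tcp_payload(raw):
    """Return the TCP payload of a raw IPv4 packet, or None if not IPv4/TCP."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    if raw[9] != 6 or len(raw) < ihl + 20:      # protocol 6 == TCP
        return None
    doff = (raw[ihl + 12] >> 4) * 4             # TCP data offset in bytes
    return raw[ihl + doff:total_len]


def verdict(raw):
    """Decide 'accept' or 'drop' for one packet; only TCP payload is inspected."""
    data = tcp_payload(raw)
    if data is None:
        return "accept"
    return "drop" if any(tok in data for tok in BLOCKED_TOKENS) else "accept"


def build_test_packet(payload):
    """Construct a minimal IPv4/TCP packet (checksums zeroed) for offline tests."""
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 8080, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload


def main(queue_num=1):
    from netfilterqueue import NetfilterQueue   # pip install NetfilterQueue

    def handle(pkt):
        # pkt.get_payload() is the raw IP packet; the verdict returns it to the kernel
        pkt.drop() if verdict(pkt.get_payload()) == "drop" else pkt.accept()

    nfq = NetfilterQueue()
    nfq.bind(queue_num, handle)
    try:
        nfq.run()
    finally:
        nfq.unbind()


if __name__ == "__main__":
    main()
```

Every packet matched by the rule waits in the queue until the program issues a verdict, so a slow or hung qualifier stalls that traffic; keep the per-packet check cheap.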
Attribution
Source: Link, Question Author: ardabro, Answer Author: Khaled