  1. #1
    Just Joined!
    Join Date
    Nov 2004
    Posts
    5

    Port Blocking


    Need a point in the right direction. I have been given a project for school to modify the Linux kernel to block IP ports. I am supposed to create whatever system calls or kernel modules I need, and modify whatever system calls or kernel modules I need to modify to do this task. I am supposed to have a text file that will have the port number and IN/OUT/BOTH as to what to block. All ports are blocked unless specified in the text file. I am new to the Linux operating system; so far the only thing in Linux that I know how to do is create a system call and rebuild the kernel, and that's about it. I am not looking for an answer to this problem, just a point in the right direction. I know a little bit about networking, but not from a Linux perspective. Can anyone please help!

    I am running redhat 8 kernel 2.4.21

  2. #2
    Linux Guru sarumont
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    First off, IP blocking has been in the kernel for ages. Check out netfilter.org. Secondly, your question is muddled and poorly phrased. If you want help, please rephrase your question.
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

  3. #3
    Just Joined!
    Join Date
    Nov 2004
    Posts
    5
    You can allow and deny in /etc/hosts.allow and /etc/hosts.deny files.

    cheers
    naveen

  5. #4
    Just Joined!
    Join Date
    Aug 2003
    Location
    Sydney, Australia
    Posts
    52
    Hi rjston,


    Sounds like a job for an "iptables" script to me.
    The link to "netfilter.org" above should cover all that.

    "iptables" exists as a separate package to the
    kernel and will be available either pre-compiled or
    as source. The kernel only provides a set of "hooks"
    that allows for its use. It is an excellent kernel
    level, extensible, firewalling facility.

    It is so good, you can even block yourself out
    of your own machine. Nothing that "single" user mode can't fix though.

    It will try to install a boot script in your
    "init.d" directory, OK if you're into stuff like that.
    I prefer to start it manually, when needed though.
    But each to their own I guess.

    A visit to http://projectfiles.com/firewall/
    may be useful. They have a script available for
    download, which can act as a template for
    personal modifications.

    iptables is a very straightforward blocking system,
    quite easy to understand and configure.
    After the initial exposure period.

    You may find it worthwhile to look into some packages
    like "guardog", for a qt/kde gui front end, to
    automate the configuration process. Not sure on its
    site at the moment. It'll be on google somewhere
    though.

    After all that, check out //grc.com to test your
    system.


    jm
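
The iptables approach suggested in the replies, driven by the port list from the first post, could look like the sketch below. It is an added example, not code from any poster in this thread; the file format, the reading of listed entries as the only traffic allowed, and the names `gen_rules` and `ports.conf` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed input, one entry per line ('#' starts a comment):
#   22 IN     allow new inbound connections to local port 22
#   53 OUT    allow new outbound connections to remote port 53
#   80 BOTH   allow both directions
# Everything not listed is dropped. Rules are printed, not applied.
# Usage (hypothetical file name): gen_rules < ports.conf

gen_rules() {
    nl='
'
    # Default-deny policies first, then loopback and reply traffic.
    rules="iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    n=0
    while read -r port dir rest; do
        n=$((n + 1))
        case "$port" in ''|'#'*) continue ;; esac
        # Digits only, at most five of them, then a range check.
        case "$port" in
            *[!0-9]*|??????*) echo "line $n: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "line $n: port out of range: $port" >&2; return 1
        fi
        case "$dir" in
            IN)   chains="INPUT" ;;
            OUT)  chains="OUTPUT" ;;
            BOTH) chains="INPUT OUTPUT" ;;
            *)    echo "line $n: bad direction '$dir'" >&2; return 1 ;;
        esac
        for chain in $chains; do
            for proto in tcp udp; do
                rules="$rules${nl}iptables -A $chain -p $proto --dport $port -m state --state NEW -j ACCEPT"
            done
        done
    done
    # Emit nothing unless every line validated, so a typo in the list
    # never produces a half-built rule set.
    printf '%s\n' "$rules"
}
```

Review the printed rules before running them as root from a local console, since a default-deny policy applied over a remote session can cut that session off.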
