On Mon, 7 Jan 2002, Adrian Stovall wrote:
> Hi all...I'm looking for any pointers on where to look for either
> works-in-progress, FAQ's, ruminations, etc. on re-assembling packets
> travelling into a leaf-based device (e-mail messages, http responses, etc)
> so I can do filtering based on content. I have a watchguard firewall that
> does this, and I'm wondering if anyone knows anything about the mechanics of
> this process. Are there modules for this? Is this a gigantic undertaking?
> Any response is appreciated.
If your purpose is to filter, you probably have to use an
application-level proxy to buffer large chunks (if not all) of the content
of the transaction. Otherwise, all you could do when the filter triggered
would be to kill the tcp connection with a FIN packet.
There is a mechanism in kernel 2.2+ that allows you to intercept all
packets meeting certain criteria (like destination port 25) and process
them in userland. You could build a buffering application-level proxy
that could apply filters and then reproduce the transaction on the output
if they passed.
For mail, a simpler solution would probably be to set up an MTA like
qmail, exim or (if you are hardcore) sendmail and point your users to it
and use its mechanisms for filtering.
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
