On 02/11/2018 11:40 PM, Jason Timmins wrote:
> Is it possible, with Shorewall or otherwise, to capture all DNS packets
> and extract the URL they are looking up? We’d like to use this to
> monitor user activity via our firewall.
>
Because packet filters like those generated by Shorewall deal primarily with packet headers, rather than the packet payload, extracting the URL from DNS queries isn't something Shorewall is particularly well-suited for.

Using the NFLOG target, however, Shorewall can log all DNS packets to a log managed by ulogd. The first parameter to NFLOG is the 'netlink group'. By using a unique group number for your DNS packets, you can then configure ulogd to write those packets to their own log. That log can then be processed by a separate program to extract the information you need.

-Tom
--
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \    an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \    understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
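
A sketch of the "separate program" step described in the reply above, added here as an illustration and not part of the original message or of Shorewall or ulogd: it pulls the client address and queried name out of one logged packet, assuming each record is a raw IPv4 packet starting at the IP header. `parse_dns_query` and `build_sample_query` are hypothetical names, and the sample packet is constructed.

```python
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}

def parse_dns_query(packet: bytes):
    """Return (client_ip, qname, qtype) for an IPv4/UDP DNS query, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                  # not IPv4
    ihl = (packet[0] & 0x0F) * 4                     # IP header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8 + 12:
        return None                                  # not UDP, or too short for a DNS header
    client_ip = ".".join(str(b) for b in packet[12:16])
    _sport, dport = struct.unpack_from("!HH", packet, ihl)
    dns = packet[ihl + 8:]                           # skip the 8-byte UDP header
    flags, qdcount = struct.unpack_from("!HH", dns, 2)
    if dport != 53 or flags & 0x8000 or qdcount < 1:
        return None                                  # keep only queries (QR=0) to port 53
    labels, pos = [], 12                             # question starts after the 12-byte header
    while True:
        if pos >= len(dns):
            return None                              # name runs off the end of the packet
        length = dns[pos]
        pos += 1
        if length == 0:
            break                                    # root label ends the name
        if length & 0xC0 or pos + length > len(dns):
            return None                              # compression pointer or truncated label
        labels.append(dns[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(dns):
        return None                                  # QTYPE/QCLASS missing
    qtype, _qclass = struct.unpack_from("!HH", dns, pos)
    return client_ip, ".".join(labels) or ".", QTYPES.get(qtype, str(qtype))

def build_sample_query(src: str, name: str, qtype: int = 1) -> bytes:
    """Constructed sample input: minimal IPv4/UDP DNS query, checksums left at 0."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 53]))
    return ip + udp

if __name__ == "__main__":
    print(parse_dns_query(build_sample_query("192.0.2.10", "www.example.com")))
```

The parser returns `None` for anything it does not recognise, so IPv6, DNS over TCP and encrypted DNS traffic are skipped rather than misreported.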