On 02/11/2018 11:40 PM, Jason Timmins wrote:

> Is it possible, with Shorewall or otherwise, to capture all DNS packets
> and extract the URL they are looking up? We’d like to use this to
> monitor user activity via our firewall.

Because packet filters like those generated by Shorewall deal primarily
with packet headers, rather than the packet payload, extracting the URL
from DNS queries isn't something Shorewall is particularly well-suited for.

Using the NFLOG target, however, Shorewall can log all DNS packets to a
log managed by ulogd. The first parameter to NFLOG is the 'netlink
group'. By using a unique group number for your DNS packets, you can
then configure ulogd to write those packets to their own log. That log
can then be processed by a separate program to extract the information
you need.

Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
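
One way the "separate program" step above could extract the queried name from a logged packet, as an added example that is not part of the original message or of Shorewall or ulogd (a DNS query carries only the host name, not a full URL). It assumes each logged packet is available as raw bytes starting at the IPv4 header; `dns_query_name` and `build_sample_query` are hypothetical names and the sample packet is constructed.

```python
import struct

def dns_query_name(ip_packet: bytes):
    """Return (qname, qtype) for an IPv4/UDP DNS query, or None if it is not one."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None                      # not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4      # IP header length in bytes
    if ihl < 20 or ip_packet[9] != 17 or len(ip_packet) < ihl + 8 + 12:
        return None                      # bad header, not UDP, or too short for UDP + DNS headers
    if struct.unpack_from("!H", ip_packet, ihl + 2)[0] != 53:
        return None                      # destination port is not DNS
    dns = ip_packet[ihl + 8:]
    flags, qdcount = struct.unpack_from("!HH", dns, 2)
    if flags & 0x8000 or qdcount < 1:
        return None                      # QR bit set (a response) or no question
    labels, pos = [], 12                 # the question starts after the 12-byte DNS header
    while True:
        if pos >= len(dns):
            return None                  # name runs past the end of the packet
        length = dns[pos]
        pos += 1
        if length == 0:
            break                        # root label terminates the name
        if length > 63 or pos + length > len(dns):
            return None                  # compression pointer or truncated label
        labels.append(dns[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(dns):
        return None                      # QTYPE/QCLASS missing
    qtype = struct.unpack_from("!H", dns, pos)[0]
    return ".".join(labels) or ".", qtype

def build_sample_query(name: str, qtype: int = 1) -> bytes:
    """Constructed test input: IPv4/UDP packet holding one DNS question (checksums zero)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname
    dns += struct.pack("!HH", qtype, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return ip + udp

if __name__ == "__main__":
    print(dns_query_name(build_sample_query("www.example.com")))
```
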

Shorewall-users mailing list