Kroon Information Systems

ulogport

What is ulogport anyway?

ulogport was written as part of my portknock program in order to allow portknock to be extended to other firewall methodologies. The basic idea is to tap into netfilter via the ULOG target. At this stage it will only look for TCP packets (to be extended to UDP at least), look up the destination port and source IP, and print this out.
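The lookup described above, as an added example that is not taken from the ulogport source: a bounds-checked parser that pulls the source IP and TCP destination port out of a raw IPv4 packet. It assumes the payload handed over by ULOG starts at the IPv4 header; `parse_tcp_knock`, `struct knock` and the sample packet are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from ulogport): extract the source address and
 * TCP destination port from a raw IPv4 packet, assumed to begin at the IP
 * header. Returns 0 on success, -1 if it is not a usable IPv4/TCP packet. */
struct knock { uint8_t src[4]; uint16_t dport; };

int parse_tcp_knock(const uint8_t *pkt, size_t len, struct knock *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                       /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4)
        return -1;                       /* bad header length or ports cut off */
    if (pkt[9] != 6)
        return -1;                       /* protocol field: 6 = TCP */
    /* Non-first fragments carry no TCP header; offset is the low 13 bits. */
    if ((((unsigned)pkt[6] << 8 | pkt[7]) & 0x1fff) != 0)
        return -1;
    for (int i = 0; i < 4; i++)
        out->src[i] = pkt[12 + i];       /* source address, bytes 12..15 */
    out->dport = (uint16_t)(pkt[ihl + 2] << 8 | pkt[ihl + 3]);
    return 0;
}

/* Constructed sample: 192.0.2.7 -> 198.51.100.1, TCP 40000 -> 7000.
 * Checksums are left at zero because the parser does not verify them. */
static const uint8_t sample_pkt[] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,7, 198,51,100,1,
    0x9c,0x40, 0x1b,0x58, 0,0,0,0, 0,0,0,0, 0x50,0x02,0x20,0x00, 0,0,0,0
};

int main(void)
{
    struct knock k;
    if (parse_tcp_knock(sample_pkt, sizeof sample_pkt, &k) == 0)
        printf("%u.%u.%u.%u %u\n", k.src[0], k.src[1], k.src[2], k.src[3],
               (unsigned)k.dport);
    return 0;
}
```

The length and fragment checks matter because the input comes straight off the wire: a truncated or fragmented packet must be rejected rather than read past its end.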

I would like to extend this to a proper formattable logger, but I suspect there might already be something similar that'll log to syslog (ulog comes to mind).

How to use ulogport

ulogport will only run on Linux (afaik; other Unix clones *might* work as well).

It needs to be run as root (or as a user with the capability to bind to netlink sockets). As its only parameter it takes the nlgroup mask to use (see the README file).

Bugs (in order of priority)

  1. Documentation.
  2. Ugly code (needs to be organized in a better way allowing extension).
  3. Output formatting.
  4. Protocol support.

Download

Download: ulogport-1.0.tar.gz (6.7KB)