netfilter-lua/ECHO.txt at master · sam-github/netfilter-lua · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Example of doing userspace connection tracking.

Use a combination of nfq and nfct to do userspace connection tracking for a
sample RPC-like service over TCP, that uses ephemeral persistent ports.

The server is the echoserver running on localhost, client is the echoclient.

Start server:

    ./echoserver 9999

Test client:

    ./echoclient localhost 9999 hello world

Kill it after a few connections.

Start conntracker:

    sudo ./echoconntracker-run

The -run utility will set your iptables rules to echoconntracker.rules, and
restore them to echoconntracker.restore.

Try client again... kill conntracker...

To clear the conntracker's rules:

    sudo ./echoconntracker port=9999 verbose=y clear=y