
@jgibbard
Last active February 25, 2025 08:22
Netfilter Test

Install Packages

sudo apt-get install build-essential python3-dev libnetfilter-queue-dev
# In a Python venv:
pip install netfilterqueue scapy

Create Python app.py

from scapy.all import IP, send
from netfilterqueue import NetfilterQueue

# Marker TTL: packets we re-inject carry this value so we can recognise
# them when they pass through the OUTPUT chain a second time.
MARKER_TTL = 63

def process_packet(packet):
    scapy_pkt = IP(packet.get_payload())
    if scapy_pkt.ttl == MARKER_TTL:
        # Our own re-injected copy: let it through, otherwise we loop forever.
        packet.accept()
        return

    print(packet.get_payload().hex())

    # Rewrite the TTL and drop the stale header checksum so scapy
    # recomputes it on send(); the original queued packet is discarded.
    scapy_pkt[IP].ttl = MARKER_TTL
    del scapy_pkt[IP].chksum
    send(scapy_pkt, verbose=False)
    packet.drop()

nfqueue = NetfilterQueue()
nfqueue.bind(1, process_packet)  # queue number must match --queue-num below

try:
    print("Waiting for packets...")
    nfqueue.run()
except KeyboardInterrupt:
    print("Stopping...")
    nfqueue.unbind()
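The callback above changes the TTL and deletes chksum so that scapy recomputes the IPv4 header checksum; without that, the rewritten packet would be discarded as corrupt. The following is an added example, not part of the gist, that performs the same TTL rewrite and checksum recomputation in pure Python on a constructed 127.0.0.1 to 127.0.0.1 TCP packet, including the marker-TTL check that keeps re-injected packets from looping:

```python
import struct

MARKER_TTL = 63   # the gist's loop guard: re-injected copies carry this TTL


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum
    of the 16-bit words, with the checksum field itself treated as zero."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decide(payload: bytes, new_ttl: int = MARKER_TTL):
    """Mirror process_packet(): ('accept', payload) when the packet already
    carries the marker TTL (our own re-injected copy), else ('reinject', bytes)
    with the TTL rewritten and the header checksum recomputed."""
    if payload[0] >> 4 != 4:                # only IPv4 is handled here
        return "accept", payload
    ihl = (payload[0] & 0x0F) * 4           # header length in bytes
    if payload[8] == new_ttl:
        return "accept", payload
    hdr = bytearray(payload[:ihl])
    hdr[8] = new_ttl
    hdr[10:12] = b"\x00\x00"                # zero the field before summing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return "reinject", bytes(hdr) + payload[ihl:]


def build_packet(ttl: int = 64) -> bytes:
    """Constructed sample (not captured traffic): IPv4 127.0.0.1 -> 127.0.0.1,
    protocol TCP, 20-byte TCP stub to/from port 5050, valid header checksum."""
    tcp_stub = struct.pack("!HH", 5050, 5050) + bytes(16)
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp_stub),
                                1, 0x4000, ttl, 6, 0,
                                bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1])))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + tcp_stub


if __name__ == "__main__":
    verdict, out = decide(build_packet())
    print(verdict, out.hex())
    print(decide(out)[0])                   # second pass: accept
```

A header whose checksum is valid sums to zero under ipv4_checksum, which is the quick check used in the assertions; the TTL change 64 to 63 lowers the word sum by 0x100, so the new checksum is exactly 0x100 higher than the old one.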

Set up iptables rules

sudo iptables -I OUTPUT -s 127.0.0.1 -d 127.0.0.1 -p tcp --dport 5050 -j NFQUEUE --queue-num 1
sudo iptables -I OUTPUT -s 127.0.0.1 -d 127.0.0.1 -p tcp --sport 5050 -j NFQUEUE --queue-num 1

Run

In three separate terminals run the python app, the TCP server, and the TCP client:

sudo su
python app.py
nc -l 127.0.0.1 5050
nc 127.0.0.1 5050

Shutdown

Use sudo iptables -L -v -n --line-numbers to display the rules with their numbers. Use sudo iptables -D OUTPUT 1 to delete rule number 1 from the OUTPUT chain (for example); both NFQUEUE rules added above should be removed, otherwise matching traffic is queued with no process listening.
