
Feature request: separate incoming/outgoing whitelist

Open akhepcat opened this issue 9 years ago • 9 comments

Add an optional "ignore_(incoming|outgoing)" flag to each CIDR block in the /etc/networks_whitelist.

This would allow high-speed one-way clients to still have protection in the opposite direction.

akhepcat avatar Nov 02 '15 19:11 akhepcat

Hello!

If you are interested in netflow or sflow, you could write your own hook script, https://github.com/pavel-odintsov/fastnetmon/blob/master/src/netflow_hooks.lua or https://github.com/pavel-odintsov/fastnetmon/blob/master/src/sflow_hooks.lua, and filter out some packets according to source or destination IP or direction.

pavel-odintsov avatar Nov 02 '15 19:11 pavel-odintsov

I would also be interested in this, as I have some servers on a DDoS-protected network, but sometimes an attack can leak for a few seconds. I would want to avoid them being nullrouted, as usually the large network port copes fine, so I would only want outbound to be filtered to stop any outbound abuse.

cuddylier avatar Nov 03 '15 02:11 cuddylier

Do you need it for port mirror?

pavel-odintsov avatar Nov 03 '15 07:11 pavel-odintsov

I would just be using sflow so whatever that is, I don't think port mirroring?

cuddylier avatar Nov 03 '15 07:11 cuddylier

Yes. So you could use the approach mentioned earlier and parse the data with LUA :)

pavel-odintsov avatar Nov 03 '15 08:11 pavel-odintsov

Never used LUA, actually.

Is there an example available in the repo?

akhepcat avatar Nov 03 '15 17:11 akhepcat

I have shared two links above :)

pavel-odintsov avatar Nov 03 '15 17:11 pavel-odintsov

Ah, those are examples, and not the hook interface. Sorry, naming got me.

akhepcat avatar Nov 03 '15 17:11 akhepcat

Yes, it's an example script for Lua ;)

pavel-odintsov avatar Nov 03 '15 17:11 pavel-odintsov
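
A sketch of the direction-aware filtering discussed in this thread, as an added example that is not code from FastNetMon or from any commenter. The table layout, the function names and the idea that a hook passes each flow's source and destination address to `keep_flow` are assumptions, and all addresses are constructed from documentation ranges.

```lua
-- Added example: per-direction whitelist logic for use inside a Lua hook.
-- Names and table layout are hypothetical, not FastNetMon's own API.

-- Constructed sample data (documentation address ranges).
local our_networks = { "192.0.2.0/24", "198.51.100.0/24" }
local whitelist = {
  { cidr = "192.0.2.16/28",   ignore = "incoming" }, -- outbound still monitored
  { cidr = "198.51.100.0/25", ignore = "outgoing" }, -- inbound still monitored
}

-- Dotted-quad string -> 32-bit number, or nil if malformed.
local function ip_to_number(ip)
  local a, b, c, d = ip:match("^(%d+)%.(%d+)%.(%d+)%.(%d+)$")
  if not a then return nil end
  a, b, c, d = tonumber(a), tonumber(b), tonumber(c), tonumber(d)
  if a > 255 or b > 255 or c > 255 or d > 255 then return nil end
  return ((a * 256 + b) * 256 + c) * 256 + d
end

-- True when ip_num lies inside "a.b.c.d/len" (plain arithmetic, no bit library).
local function in_cidr(ip_num, cidr)
  local base, len = cidr:match("^(.-)/(%d+)$")
  local base_num = base and ip_to_number(base)
  len = tonumber(len)
  if not base_num or len > 32 then return false end
  local block = 2 ^ (32 - len)
  return math.floor(ip_num / block) == math.floor(base_num / block)
end

local function in_any(ip_num, cidrs)
  for _, cidr in ipairs(cidrs) do
    if in_cidr(ip_num, cidr) then return true end
  end
  return false
end

-- Returns true to keep the flow for attack detection, false to skip it.
local function keep_flow(src_ip, dst_ip)
  local src, dst = ip_to_number(src_ip), ip_to_number(dst_ip)
  if not src or not dst then return true end -- unparsed flows stay monitored
  local local_ip, direction
  if in_any(dst, our_networks) then local_ip, direction = dst, "incoming"
  elseif in_any(src, our_networks) then local_ip, direction = src, "outgoing"
  else return true end -- neither side is ours: nothing to whitelist
  for _, entry in ipairs(whitelist) do
    if entry.ignore == direction and in_cidr(local_ip, entry.cidr) then return false end
  end
  return true
end

assert(keep_flow("203.0.113.9", "192.0.2.20") == false)  -- inbound is ignored
assert(keep_flow("192.0.2.20", "203.0.113.9") == true)   -- outbound still counted
assert(keep_flow("198.51.100.5", "203.0.113.9") == false) -- outbound is ignored
```

Because each entry names only one direction, a host whitelisted for inbound floods is still counted if it starts sending abusive outbound traffic, which is the protection the request asks to keep.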