By liran bh | 2/27/2017 | Linux Kernel & Internals


This example shows how to create a network filter in IPv4. We can add filters in 5 points: input flow before and after routing, output flow before and after routing and while forwarding a packat from one adapter to another

#include <linux/module.h>
#include <linux/skbuff.h>          
#include <linux/init.h>
#include <net/sock.h>
#include <linux/inet.h>
#include <linux/ip.h>             
#include <linux/kernel.h> 
#include <linux/netfilter.h>
#include <uapi/linux/netfilter_ipv4.h> 

unsigned int main_hook(unsigned int hooknum,
                       struct sk_buff *skb,
                       const struct net_device *in,
                       const struct net_device *out,
                       int (*okfn)(struct sk_buff*))
    struct iphdr *iph;
    iph = ip_hdr(skb);
    if(iph->saddr == in_aton(""))
        return NF_DROP; 
    return NF_ACCEPT;

static struct nf_hook_ops netfops;                    

int __init my_module_init(void)
    netfops.hook              =       main_hook;                =       PF_INET;        
    netfops.hooknum           =       0;
    netfops.priority          =       NF_IP_PRI_FIRST;
    return 0;
void __exit my_module_exit() 


After adding the module (insmod) it will drop any package from ip

Note that you need to enable netfilter suppot in the kernel configuration


{{CommentsModel.TotalCount}} Comments

Your Comment


Recent Stories

Top DiscoverSDK Experts

User photo
Ashton Torrence
Web and Windows developer
GUI | Web and 11 more
View Profile
User photo
Mendy Bennett
Experienced with Ad network & Ad servers.
Mobile | Ad Networks and 1 more
View Profile
User photo
Karen Fitzgerald
7 years in Cross-Platform development.
Mobile | Cross Platform Frameworks
View Profile
Show All

Compare Products

Select up to three two products to compare by clicking on the compare icon () of each product.


Now comparing:

{{product.ProductName | createSubstring:25}} X
Compare Now