Installing and configuring ndpi-netfilter for traffic control on RedHat/CentOS 7

nDPI (Open and Extensible LGPLv3 Deep Packet Inspection Library) is an ntop-maintained superset of the popular OpenDPI library, and many projects have been built on it. nDPI detects application-layer protocols regardless of the port being used, so it can both detect known protocols on non-standard ports (e.g. HTTP on a port other than 80) and the opposite (e.g. Skype traffic on port 80). This matters because the old assumption that port = application no longer holds. The list of protocols nDPI can detect is on the nDPI page here: http://www.ntop.org/products/deep-packet-inspection/ndpi/

Here I explain how to set up your own traffic controller using ndpi-netfilter, a very handy open-source project on GitHub. We set it up on RedHat/CentOS 7 as a Linux kernel module and use it with iptables. If you want to set it up on Ubuntu, follow this separate tutorial, as the procedure is a little different from CentOS/RedHat:

Installing and configuring ndpi-netfilter on Ubuntu 


Steps to get, compile and install the ndpi-netfilter source.

Step 1:
Update the system and install the required packages by running the commands below:
yum update
yum install kernel-devel
(the kernel-devel package and the running kernel must be the same version; if yum update installed a newer kernel, reboot into it first, otherwise kernel-devel will match the new kernel but not the one you are running)
yum groupinstall "Development Tools"
yum install libpcap libpcap-devel iptables-devel git

Step 2:
Get ndpi-netfilter from GitHub:
cd /usr/src/kernels/
git clone https://github.com/betolj/ndpi-netfilter.git

Step 3:
Compile and install. First build the nDPI library bundled in the repository, then build the xt_ndpi kernel module against it, then install the iptables user-space extension and load the module:
cd /usr/src/kernels/ndpi-netfilter/
tar xvfz nDPI.tar.gz
cd nDPI/
./autogen.sh
make
make install
cd ..
NDPI_PATH=/usr/src/kernels/ndpi-netfilter/nDPI make
make modules_install
cp /usr/src/kernels/ndpi-netfilter/ipt/libxt_ndpi.so /usr/lib64/xtables/
modprobe xt_ndpi

Check whether the xt_ndpi module is loaded by running lsmod. If the module is loaded, everything is fine; run the example iptables rules below to check that it is working.


iptables -m ndpi --help # prints the help and all the protocol names that can be used
service firewalld stop # stop firewalld (on CentOS 7 this is the same as systemctl stop firewalld)

iptables -A INPUT -m ndpi --youtube -j DROP  # block YouTube
iptables -A INPUT -m ndpi --facebook -j DROP # block Facebook
iptables -A INPUT -m ndpi --skype -j DROP    # block Skype

Now you can write your own rules to block or accept any service in the protocol list. Two things to keep in mind: stopping firewalld also removes its rules, so outside a lab box replace them with a full ruleset rather than running with an empty one; and the rules above sit in the INPUT chain, so they only affect traffic addressed to this machine. On a gateway that controls traffic for other hosts, put them in the FORWARD chain, and place them ahead of any blanket ESTABLISHED,RELATED accept, since nDPI can only classify a flow after seeing its first packets and a conntrack accept placed before the DPI rule would let the whole flow through.
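As an added example (not code from the original post or from the ndpi-netfilter project), the shell script below wraps the build checks from Steps 1 to 3 and the blocking rules just shown: it checks that kernel-devel matches the running kernel, checks that xt_ndpi is actually loaded, and generates an iptables-restore ruleset that drops the chosen protocols in a chosen chain with the nDPI rules ahead of the ESTABLISHED,RELATED accept, validated with iptables-restore --test before it is committed. It assumes the module name xt_ndpi, the match name ndpi and the protocol options --youtube, --facebook and --skype from the post; any other protocol name must be taken from iptables -m ndpi --help. The function names, the NDPI_APPLY switch and the sample kernel version and lsmod strings are my own.

```shell
#!/bin/sh
# Added example, not code from the original post or from ndpi-netfilter.
# Assumes: module xt_ndpi, iptables match "ndpi", protocol options
# --youtube/--facebook/--skype (as in the post). Function names, the
# NDPI_APPLY switch and all sample data are this example's own.

# kernel_devel_matches RUNNING INSTALLED
# Return 0 if RUNNING (uname -r style, e.g. 3.10.0-1160.el7.x86_64) is one of
# the lines of INSTALLED (one VERSION-RELEASE.ARCH per line). Pure, so it can
# be tested on constructed strings.
kernel_devel_matches() {
    printf '%s\n' "$2" | grep -qxF -- "$1"
}

# Live check: compare the running kernel with every installed kernel-devel.
# A mismatch is the usual reason the xt_ndpi build fails or modprobe refuses
# the module (e.g. yum update pulled in a newer kernel that is not booted yet).
check_kernel_devel() {
    kernel_devel_matches "$(uname -r)" \
        "$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel-devel)"
}

# module_listed NAME LSMOD_OUTPUT
# Return 0 if NAME appears in the first column of lsmod-style output (the
# "Used by" column also names modules, so a plain grep is not enough).
module_listed() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# ndpi_block_ruleset CHAIN PROTO...
# Print an iptables-restore ruleset that drops each PROTO in CHAIN.
# The nDPI matches deliberately come BEFORE the ESTABLISHED,RELATED accept:
# nDPI can only classify a flow after seeing its first packets, so a conntrack
# accept placed ahead of the DPI rule would let the whole flow through.
ndpi_block_ruleset() {
    chain=$1
    shift
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for proto in "$@"; do
        printf '%s\n' "-A $chain -m ndpi --$proto -j DROP"
    done
    printf '%s\n' "-A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' 'COMMIT'
}

# Parse the ruleset without committing it (iptables-restore --test), then load
# it atomically; a syntax error or an unknown --proto leaves the live table
# untouched instead of half-applied.
apply_ndpi_rules() {
    ruleset=$(ndpi_block_ruleset "$@")
    printf '%s\n' "$ruleset" | iptables-restore --test &&
        printf '%s\n' "$ruleset" | iptables-restore
}

# Only act when explicitly asked, so the file can be sourced for its functions.
if [ "${NDPI_APPLY:-0}" = 1 ]; then
    check_kernel_devel || { echo "kernel-devel does not match $(uname -r)" >&2; exit 1; }
    # depmod -a refreshes modules.dep in case make modules_install did not.
    module_listed xt_ndpi "$(lsmod)" || { depmod -a && modprobe xt_ndpi; }
    # FORWARD: a gateway controlling traffic for other hosts. Use INPUT for
    # traffic addressed to this host itself, as in the post's own rules.
    apply_ndpi_rules FORWARD youtube facebook skype
fi
```

Run it as root with NDPI_APPLY=1 to apply; without that variable it only defines the functions. iptables-restore replaces the whole filter table, so on a host where firewalld is active either stop and disable firewalld and persist the ruleset with iptables-services, or translate the rules into firewalld direct rules; otherwise firewalld will overwrite them on its next reload.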

Thanks.
Leave a comment if you have any questions.

