I want to drop outgoing IP packets from my machine based on some criteria. I checked the capabilities provided by iptables but unfortunately it doesn’t have what I am looking for.
So what I want is access to packets (at least those generated on my machine and going out), and, based on some criteria, the ability to drop them.
Should I be looking at modifying the iptables source code to add this functionality, or should I make a Linux kernel module to do this? Or is there something else I should look into?
I want some general guidance but any specifics like a particular file in iptables where such functionality can be added will be very useful too!
You can use the NFQUEUE target of the netfilter. It sends packets to a userland program which can parse the payload and return a decision like DROP or ACCEPT.
You can find documentation and examples on the netfilter website.
This functionality is mentioned at the beginning of man iptables…
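As an added illustration of the NFQUEUE approach described in the answer (example code, not from the answer's author or the netfilter project): the verdict logic is a plain function over the raw IPv4 bytes, so it can be tested without root, and is only attached to a queue in run_queue(). The blocked destination, the queue number and the use of the third-party python-netfilterqueue binding are assumptions; the matching rule would be iptables -I OUTPUT -j NFQUEUE --queue-num 1.

```python
import socket
import struct

# Constructed policy for this example: drop outgoing packets to this
# destination/port pair (TEST-NET-3 address). Replace with your own criteria.
BLOCKED = {("203.0.113.10", 80)}

def parse_ipv4(pkt: bytes):
    """Return (proto, src, dst, sport, dport) from a raw IPv4 packet, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    proto = pkt[9]
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    sport = dport = None
    if proto in (6, 17) and len(pkt) >= ihl + 4:   # TCP or UDP ports follow the IP header
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return proto, src, dst, sport, dport

def verdict(pkt: bytes) -> str:
    """Decide ACCEPT or DROP for one packet; non-IPv4 or truncated data is let through."""
    hdr = parse_ipv4(pkt)
    if hdr is None:
        return "ACCEPT"
    _, _, dst, _, dport = hdr
    return "DROP" if (dst, dport) in BLOCKED else "ACCEPT"

def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Construct a minimal IPv4+TCP SYN packet (checksums zeroed; sample input only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp

def run_queue(queue_num: int = 1):
    """Attach verdict() to NFQUEUE <queue_num>; needs root and the assumed
    python-netfilterqueue binding. Pair with:
      iptables -I OUTPUT -j NFQUEUE --queue-num 1"""
    from netfilterqueue import NetfilterQueue   # assumed third-party module

    def cb(p):
        p.drop() if verdict(p.get_payload()) == "DROP" else p.accept()

    q = NetfilterQueue()
    q.bind(queue_num, cb)
    try:
        q.run()
    finally:
        q.unbind()

if __name__ == "__main__":
    run_queue()
```

Note that while the queue is bound and the script is not running, packets hitting the rule are held (or dropped) by the kernel rather than forwarded; the --queue-bypass option of NFQUEUE changes that to ACCEPT when no listener is attached.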