# 20141022: ã€æœªå®Œã€‘iptables + pythonã™ã‚‹

## èƒŒæ™¯

å…ˆé€±ã‹ã‚‰ã®æµè¡Œã¯SSLv3.0ã§ã‚ã‚‹ã®ã§ã€Mallory(ãƒžãƒãƒªãƒ¼)ã®æ°—æŒã¡ã«ãªã£ã¦ã¿ã‚‹ã€‚
BEASTã¯CBCã‹ã¤ã€AESå…±é€šéµæš—å·ãªã©ã§ãªã‚‰ãªã‘ã‚Œã°ãªã‚‰ãªã„ã€‚
å®Ÿéš›ã«èƒ½å‹•çš„ãªæ”»æ’ƒè€…ãŒãƒ—ãƒãƒˆã‚³ãƒ«ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’è½ã¨ã›ã‚‹ã‹è€ƒå¯Ÿã™ã‚‹ã€‚

## ä½œæˆ¦

Queueã§ã‚¤ãƒ³ã‚¸ã‚§ã‚¯ã‚·ãƒ§ãƒ³ã€æ”¹ã–ã‚“ã™ã‚‹ã€‚


## SSLã‚µãƒ¼ãƒã‚’ãŸã¦ã‚‹

http://pokotsun.mydns.jp/?p=775

ãªã©ã‚’å‚è€ƒã«ã™ã‚Œã°ã‚ˆã„

```
 sudo su
 a2enmod ssl
 a2ensite default-ssl
 cd /etc/apache2/
 mkdir ssl
 cd ssl
 opennssl genrsa -des3 1024 > server.key
 > ã„ã£ãŸã‚“é©å½“ã«å…¥ã‚Œã‚‹
 mv server.key server.key.old
 openssl rsa -in server.key.old -out server.key
 openssl req -utf8 -new -key server.key -out server.csr
 openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 3650
 chmod 400 ./server.*
 service apache2 restart
```

```
 apt-get install build-essential python-dev libnetfilter-queue-dev
 easy_install pip
 pip install NetfilterQueue

 iptables -I INPUT -p tcp --dport 443 -j NFQUEUE --queue-num 1
 # iptables -F
 # ã§ãƒ•ãƒ©ãƒƒã‚·ãƒ¥
```



http://d.hatena.ne.jp/silphire/20081221/1229828624


http://netfilter.org/projects/libnetfilter_queue/doxygen/

ã‚’ã¿ã‚‹ã“ã¨ã€‚