Method III: Extending iptables with libipq

In addition to ACCEPT and DROP, iptables supports the QUEUE target. Matching packets are passed to a user space program for processing, which returns a verdict of either ACCEPT or DROP. libipq provides a user space API for this kernel interaction. The net result is that it's now possible to write user space iptables extensions. User space target handlers can be written in Perl using the IPTables::IPv4::IPQueue and NetPacket::IP modules.
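
A user space verdict handler of the kind described here, as an added example that is not code from the original page. The port allowlist and the iptables rule in the comments are assumptions chosen for illustration; NetPacket::TCP is used alongside NetPacket::IP to read the destination port.

```perl
#!/usr/bin/perl
# Added example: user space handler for packets sent to the QUEUE target.
# Needs root and the ip_queue kernel module loaded.
# Assumed rule feeding the queue:  iptables -A INPUT -p tcp -j QUEUE
use strict;
use warnings;
use IPTables::IPv4::IPQueue qw(:constants);
use NetPacket::IP qw(:protos);
use NetPacket::TCP;

# Assumption for illustration: only these destination ports are accepted.
my %allowed_port = map { $_ => 1 } (22, 443);

# IPQ_COPY_PACKET asks the kernel for packet data, not just metadata.
# 2048 bytes is enough to cover the IP and TCP headers.
my $queue = IPTables::IPv4::IPQueue->new(
    copy_mode  => IPQ_COPY_PACKET,
    copy_range => 2048,
) or die "ipq: " . IPTables::IPv4::IPQueue->errstr . "\n";

while (1) {
    my $msg = $queue->get_message();
    defined $msg or die "ipq: " . IPTables::IPv4::IPQueue->errstr . "\n";

    # Default to DROP so a packet that cannot be parsed is not let through.
    my $verdict = NF_DROP;

    if ($msg->data_len() > 0) {
        my $ip = NetPacket::IP->decode($msg->payload());
        if ($ip->{proto} == IP_PROTO_TCP) {
            my $tcp = NetPacket::TCP->decode($ip->{data});
            $verdict = NF_ACCEPT if $allowed_port{ $tcp->{dest_port} };
            printf "%s -> %s:%d %s\n", $ip->{src_ip}, $ip->{dest_ip},
                $tcp->{dest_port}, $verdict == NF_ACCEPT ? "ACCEPT" : "DROP";
        }
    }

    # Every queued packet needs a verdict, or it stays held in the kernel queue.
    $queue->set_verdict($msg->packet_id(), $verdict) > 0
        or die "ipq: " . IPTables::IPv4::IPQueue->errstr . "\n";
}
```

If the handler exits or never starts, packets matching the QUEUE rule have no program to return a verdict for them, so the handler should be supervised like any other component in the filtering path.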