Re[2]: Listening outside ipfw / program interface to ipfw

From: dima (_pppp_at_mail.ru)
Date: 01/14/05

  • Next message: Vladimir Terziev: "Re: Listening outside ipfw / program interface to ipfw" 
    To: altares@e-card.bg
Date: Fri, 14 Jan 2005 16:28:05 +0300

    > >>2) Is there an api to ipfw that will let me manipulate rules, query
    > >>stats etc? I need something faster than running the command line binary?
    > > Yes, you should look at the ``SEE ALSO'' section in ipfw(8) manual page.
    > > ipfirewall(4) is what you are looking for, but looking at ipfw(8)
    > > source code might help too.
    > On what version of FreeBSD are you looking the
    > ipfirewall(4) man page?
    >
    > Recently I needed the C api to ipfw, but it
    > turns out that ipfirewall(4) man page no longer
    > describes it. This is on 5.3-STABLE and 4.10-STABLE.
    > I also searched in google and I think I had found
    > a post saying that currently the only way to manipulate/use
    > firewall rules is via ifpw(8) command.
    >
    > If someone can provide me a reference to the C api
    > of ipfw I will be thankfull.
    C API for ipfw(8) is getsockopt() & setsockopt(); see /usr/src/sbin/ipfw/ipfw2.c for details.
    The optname in your software would look like IP_FW_GET, IP_FW_ADD etc.

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Vladimir Terziev: "Re: Listening outside ipfw / program interface to ipfw"

    Relevant Pages

    • Re: BSDI 4.3 Kernel API -> FreeBSD X.X Kernel API?
      ... >I have ported my drivers from Windows to Linux to Solaris to FreeBSD so I am ... >FreeBSD that the port was fairly simple. ... Different API all over. ... Hence you need the BSD/OS 4.3.X Source Code. ...
      (comp.unix.bsd.freebsd.misc)
    • Re: Listening outside ipfw / program interface to ipfw
      ... Rumen Telbizov wrote: ... > On what version of FreeBSD are you looking the ... > If someone can provide me a reference to the C api ... > of ipfw I will be thankfull. ...
      (FreeBSD-Security)
    • Re: Identifying call of copy of ((){ })();
      ... The code is effectively identical for both but API has a few subtle differences that I need to take into account. ... Is there a someway to tell if the public methods are called ... might expose that source code the work needed to extract the information would be a huge overhead. ... It would probably be simpler to wrap the fist object in a second that implemented an identical public interface and then you could know which was called based on the identity of the functions that made up the two interfaces. ...
      (comp.lang.javascript)
    • Re: IpFilter / IpFireWall
      ... except for ones which are related in connections that were established as ... some badly configured servers test for ident (port ... See the security section in the FreeBSD handbook, ... compiling your kernel, and the ipfw manpage, for more details. ...
      (FreeBSD-Security)
    • FreeBSD Security Advisory: FreeBSD-SA-01:08.ipfw [REVISED]
      ... included in FreeBSD 4.0 and above. ... based on an old version of ipfw and does not contain as many features. ... Due to overloading of the TCP reserved flags field, ... incorrectly treat all TCP packets with the ECE flag set as being part ...
      (FreeBSD-Security)