Date:      Wed, 19 Jul 2006 12:05:34 +0530
From:      "Rajkumar S" <rajkumars@gmail.com>
To:        "Travis H." <solinym@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Program to add/delete a rule from pf
Message-ID:  <64de5c8b0607182335q4fae2ed9w233f2ea6438504ad@mail.gmail.com>
In-Reply-To: <d4f1333a0607181750x4304cf63v60e5abd7b643ff6b@mail.gmail.com>
References:  <64de5c8b0607181030h64d7d539r788ba7bbc6841e4d@mail.gmail.com> <200607181950.10304.max@love2party.net> <d4f1333a0607181750x4304cf63v60e5abd7b643ff6b@mail.gmail.com>

On 7/19/06, Travis H. <solinym@gmail.com> wrote:
> Another way is to use my dfd_keeper program, located at my homepage
> below.  It allows you to make arbitrary modifications to the pf rules.
> It doesn't use ioctls; it remembers all the rules, makes modifications
> to them at run-time, and re-loads the ruleset completely.  No anchors
> are really necessary, but you might want to use a few so you can
> "patch" the ruleset temporarily without modifying your dfd_keeper
> script (I provide the library, you provide the client script).  There
> is an example.  It's meant for making run-time rule changes, and even
> takes care of things like flushing states if you remove a pass rule,
> etc.  I would appreciate feedback on it.

Thanks for the link, but there are a couple of problems preventing me
from using it.

1. My motive is to get a snortsam plugin for freebsd pf to block an
offending connection, and contribute it back to snortsam. So I do not
want to use Zope or twisted.

2. The license of the code does not permit me to contribute it back to
snortsam, which is BSD licensed.

btw, is there any other program (other than pfctl) that interfaces
with pf using ioctl to add a rule (not a table entry) so that I can
look into the code?

raj
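The approach Travis describes above (keep every rule in memory, change the set at run-time, reload the whole ruleset, and flush states for hosts that lost a pass rule) is small enough to sketch without Zope or Twisted. The following is an added example written for this page; it is not dfd_keeper, snortsam, or any code from the thread. It assumes `pfctl -f -` loads a ruleset from standard input and `pfctl -k <host>` kills states by source host, as pfctl(8) documents; the interface name `em0` and the addresses are constructed sample values. The security-relevant detail for an IDS blocking plugin is in `_validate_host`: an address taken from an alert is parsed as an IP literal before it is ever rendered into pf.conf text, so a malformed string cannot smuggle extra tokens into the ruleset.

```python
"""In-memory pf ruleset keeper (added example, not dfd_keeper or snortsam code)."""
import ipaddress
import subprocess
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    """One pf filter rule, kept as structured fields rather than raw text."""
    action: str                      # "pass" or "block"
    direction: str = "in"            # "in" or "out"
    iface: Optional[str] = None      # e.g. "em0"; None means any interface
    proto: Optional[str] = None      # e.g. "tcp"
    src: str = "any"                 # host or "any"
    dst: str = "any"
    port: Optional[int] = None       # destination port
    quick: bool = False              # stop evaluation on match (pf is last-match otherwise)
    keep_state: bool = False

    def render(self) -> str:
        """Render the rule in pf.conf syntax."""
        parts = [self.action, self.direction]
        if self.quick:
            parts.append("quick")
        if self.iface:
            parts += ["on", self.iface]
        if self.proto:
            parts += ["proto", self.proto]
        parts += ["from", self.src, "to", self.dst]
        if self.port is not None:
            parts += ["port", str(self.port)]
        if self.keep_state:
            parts.append("keep state")
        return " ".join(parts)


class RuleSet:
    """Holds the complete ruleset; every change re-renders and reloads the whole set."""

    def __init__(self, base: List[Rule]):
        self.rules: List[Rule] = list(base)
        self.pending_flush: List[str] = []   # hosts whose states must be killed after reload

    @staticmethod
    def _validate_host(host: str) -> str:
        # Accept only a literal IPv4/IPv6 address; anything else raises ValueError,
        # so alert-supplied data cannot inject extra pf.conf tokens.
        return str(ipaddress.ip_address(host))

    def block_host(self, host: str, iface: Optional[str] = None) -> Rule:
        """Add a quick block rule at the head of the set (idempotent)."""
        host = self._validate_host(host)
        rule = Rule("block", "in", iface, src=host, quick=True)
        if rule not in self.rules:
            self.rules.insert(0, rule)
            self.pending_flush.append(host)  # existing states from this host survive a reload
        return rule

    def unblock_host(self, host: str, iface: Optional[str] = None) -> bool:
        """Remove the block rule added by block_host; returns False if it was absent."""
        host = self._validate_host(host)
        rule = Rule("block", "in", iface, src=host, quick=True)
        if rule in self.rules:
            self.rules.remove(rule)
            return True
        return False

    def remove(self, rule: Rule) -> None:
        """Remove any rule; a stateful pass rule also needs its states flushed."""
        self.rules.remove(rule)
        if rule.action == "pass" and rule.keep_state:
            # "any" is not a valid -k argument; 0.0.0.0/0 kills every IPv4 state.
            self.pending_flush.append(rule.src if rule.src != "any" else "0.0.0.0/0")

    def render(self) -> str:
        return "\n".join(r.render() for r in self.rules) + "\n"

    def commands(self, pfctl: str = "pfctl") -> List[List[str]]:
        """Commands a reload would run: full ruleset load, then state kills."""
        return [[pfctl, "-f", "-"]] + [[pfctl, "-k", h] for h in self.pending_flush]

    def reload(self, pfctl: str = "pfctl", dry_run: bool = True) -> List[List[str]]:
        """Reload the ruleset; with dry_run=True only return the commands."""
        cmds = self.commands(pfctl)
        if not dry_run:
            subprocess.run(cmds[0], input=self.render(), text=True, check=True)
            for cmd in cmds[1:]:
                subprocess.run(cmd, check=True)
        self.pending_flush.clear()
        return cmds


if __name__ == "__main__":
    # Constructed sample: one stateful pass rule, then block an offending host.
    rs = RuleSet([Rule("pass", "in", "em0", "tcp", port=22, keep_state=True)])
    rs.block_host("192.0.2.10", iface="em0")
    print(rs.render())
    print(rs.reload(dry_run=True))
```

Run with `dry_run=False` as root on a pf host to actually load the set; note that `pfctl -f` replaces the entire ruleset, so `base` must carry every rule you want to keep, not just the filter rules this keeper manages.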



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?64de5c8b0607182335q4fae2ed9w233f2ea6438504ad>