Date: Fri, 14 Jan 2005 16:28:05 +0300 From: dima <_pppp@mail.ru> To: altares@e-card.bg Cc: freebsd-security@freebsd.org Subject: Re[2]: Listening outside ipfw / program interface to ipfw Message-ID: <E1CpRUj-000G2E-00._pppp-mail-ru@f23.mail.ru> In-Reply-To: <41E78BCA.2080903@e-card.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
> >>2) Is there an api to ipfw that will let me manipulate rules, query > >>stats etc? I need something faster than running the command line binary? > > Yes, you should look at the ``SEE ALSO'' section in ipfw(8) manual page. > > ipfirewall(4) is what you are looking for, but looking at ipfw(8) > > source code might help too. > On what version of FreeBSD are you looking the > ipfirewall(4) man page? > > Recently I needed the C api to ipfw, but it > turns out that ipfirewall(4) man page no longer > describes it. This is on 5.3-STABLE and 4.10-STABLE. > I also searched in google and I think I had found > a post saying that currently the only way to manipulate/use > firewall rules is via ifpw(8) command. > > If someone can provide me a reference to the C api > of ipfw I will be thankfull. C API for ipfw(8) is getsockopt() & setsockopt(); see /usr/src/sbin/ipfw/ipfw2.c for details. The optname in your software would look like IP_FW_GET, IP_FW_ADD etc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1CpRUj-000G2E-00._pppp-mail-ru>