Date: Sun, 19 Dec 2004 12:12:15 +0800
From: sam wun <sam.wun@authtec.com>
To: freebsd-pf@freebsd.org
Subject: Re: Add new PF rules from C.
Message-ID: <41C4FF9F.1050807@authtec.com>
In-Reply-To: <200412181714.51674.max@love2party.net>
References: <41C3B6CE.4080704@authtec.com> <200412180557.00999.max@love2party.net> <41C3BA23.5070207@authtec.com> <200412181714.51674.max@love2party.net>
Max Laier wrote:

> On Saturday 18 December 2004 06:03, sam wun wrote:
>
>> Thanks for the suggestion. I use pfctl -ss found some Established state,
>> the sample code works great.
>> I would like to write a C program to add rules to PF based on user
>> defined anchor and tables. Where can I find more information and
>> guidelines about doing that?
>
> Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is
> quite readable and it should be easy to determine what to hand to the various
> ioctls. In most of the cases you don't really need to write your own C code.
> Most of the time it should be sufficient to exec() pfctl(8) and pipe rules to
> it. Take a look at the spamd port (mail/spamd) which does just that. You
> might need a fdescfs(5) in order to drop root privs and use the -p option.
> But that should all be obvious from the spamd code.

Thanks for the guideline. I think I will go for the hard way instead of
using exec(), it will be more efficient at the end. The add_rule()
function is quite useful to look at.

Thanks again
Sam.
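The approach Max describes in the quoted reply (exec pfctl(8) and pipe rules to it), as an added example that is not part of the original thread and is not the spamd or pfctl code. It uses fork()/execv() with a fixed argv so no shell ever parses the anchor name or the rules; the function names, the anchor-name policy and the sample rule are assumptions made for this sketch.

```c
#include <ctype.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed policy for this sketch: anchor names are [A-Za-z0-9_-], 1..63 chars. */
static int anchor_ok(const char *a) {
    size_t n = strlen(a);
    if (n == 0 || n > 63) return 0;
    for (; *a; a++)
        if (!isalnum((unsigned char)*a) && *a != '_' && *a != '-') return 0;
    return 1;
}

/* Run argv[0] with `rules` on its stdin; return its exit status, -1 on failure. */
static int pipe_rules(char *const argv[], const char *rules) {
    int fd[2], st, bad = 0;
    size_t len = strlen(rules);
    if (pipe(fd) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                          /* child: stdin <- pipe, then exec */
        close(fd[1]);
        if (dup2(fd[0], STDIN_FILENO) == -1) _exit(127);
        if (fd[0] != STDIN_FILENO) close(fd[0]);
        execv(argv[0], argv);                /* absolute path, no shell, no PATH */
        _exit(127);
    }
    close(fd[0]);
    void (*old)(int) = signal(SIGPIPE, SIG_IGN); /* child may exit before reading */
    while (len > 0 && !bad) {
        ssize_t w = write(fd[1], rules, len);
        if (w <= 0) bad = 1; else { rules += w; len -= (size_t)w; }
    }
    close(fd[1]);                            /* EOF lets the child finish parsing */
    signal(SIGPIPE, old);
    if (waitpid(pid, &st, 0) == -1 || bad || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

/* Replace the ruleset of `anchor` by running "pfctl -a <anchor> -f -". */
int load_anchor(const char *anchor, const char *rules) {
    if (!anchor_ok(anchor)) return -1;       /* reject before anything is spawned */
    char *argv[] = { "/sbin/pfctl", "-a", (char *)anchor, "-f", "-", NULL };
    return pipe_rules(argv, rules);
}

int main(void) { /* constructed sample rule; needs access to /dev/pf to succeed */
    return load_anchor("example", "block in quick from 192.0.2.1 to any\n") != 0;
}
```

A non-zero return means the rules were not loaded, so the caller should treat it as a failure rather than assume the anchor is in place.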