how ipfw firewall is implemented in the kernel

Biks N freebsd.dev at gmail.com
Wed Jan 14 12:20:33 PST 2009


Thanks a lot!
That was really very helpful!!!

On Wed, Jan 14, 2009 at 1:42 PM, Max Laier <max at love2party.net> wrote:
> On Wednesday 14 January 2009 18:32:07 Biks N wrote:
>> Hi,
>>
>> Can anyone please help me understand how the IPFW firewall is
>> implemented in the kernel?
>>
>> I have created new ACTIONS in ipfw. I have already implemented them in
>> userland.
>>
>> Now I need to check the IPFW rule list (in ip_input.c and in
>> ip_output.c) and call a custom routine if there is a match to those
>> rules.
>>
>> I would really appreciate it if anyone could point me in the right
>> direction/reference.
>
> ipfw is hooked into the pfil(9) hook points in ip_{in,out}put() (look for
> calls to pfil_run_hooks() in the respective files).
>
> From there the call path goes on to the ipfw_check_* functions defined in
> netinet/ip_fw_pfil.c
>
> Finally ipfw_chk() in netinet/ip_fw2.c where the ruleset is processed and
> where you should add your required processing.
>
> --
> /"\  Best regards,                      | mlaier at freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
>
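
The call path named in the quoted reply (pfil hook points, then the ipfw_check_* functions, then ipfw_chk()), as a user-space C model. This is an added example, not part of the thread and not FreeBSD kernel code; every `*_model` name, `O_CUSTOM`, `custom_routine()` and the sample ruleset are assumptions made for illustration.

```c
/* User-space model of the call path only; not FreeBSD kernel code.
 * Every *_model name, O_CUSTOM and custom_routine() are hypothetical. */
#include <stddef.h>
#include <stdint.h>

enum dir { DIR_IN, DIR_OUT };
enum action { O_ACCEPT, O_DENY, O_CUSTOM };    /* O_CUSTOM: the newly added action */
struct pkt  { uint32_t src; uint16_t dport; };
struct rule { uint32_t net, mask; uint16_t dport; enum action act; }; /* dport 0 = any */

/* Constructed sample ruleset, evaluated first-match. */
static const struct rule ruleset[] = {
    { 0x0a000000, 0xff000000, 22, O_CUSTOM },  /* 10.0.0.0/8 to port 22 */
    { 0x0a000000, 0xff000000,  0, O_ACCEPT },  /* rest of 10.0.0.0/8    */
    { 0, 0, 0, O_DENY },                       /* catch-all rule        */
};

static int custom_hits;                        /* side effect of the custom routine */
static int custom_routine(const struct pkt *p) { (void)p; custom_hits++; return 0; }

/* Stands in for ipfw_chk(): walk the rules and act on the first match. */
static int chk_model(const struct pkt *p)
{
    for (size_t i = 0; i < sizeof(ruleset) / sizeof(ruleset[0]); i++) {
        const struct rule *r = &ruleset[i];
        if ((p->src & r->mask) != r->net || (r->dport && r->dport != p->dport))
            continue;
        switch (r->act) {
        case O_ACCEPT: return 0;
        case O_DENY:   return 1;
        case O_CUSTOM: return custom_routine(p);  /* new processing is called here */
        }
    }
    return 1;                                  /* no rule matched: drop */
}

/* Stand in for the ipfw_check_* functions: per-direction wrappers around the check. */
static int check_in_model(struct pkt *p)  { return chk_model(p); }
static int check_out_model(struct pkt *p) { return chk_model(p); }
typedef int (*hook_fn)(struct pkt *);
static hook_fn hooks[2][1] = { { check_in_model }, { check_out_model } };

/* Stands in for pfil_run_hooks(): run each hook for the direction, stop at first non-zero. */
static int run_hooks_model(struct pkt *p, enum dir d)
{
    for (size_t i = 0; i < sizeof(hooks[d]) / sizeof(hooks[d][0]); i++)
        if (hooks[d][i](p) != 0) return 1;     /* caller drops the packet */
    return 0;
}

int main(void) { struct pkt ssh = { 0x0a010203, 22 }; return run_hooks_model(&ssh, DIR_IN); }
```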


More information about the freebsd-hackers mailing list