Is there an API for ipfw?

Julian Elischer julian at elischer.org
Fri Mar 31 00:40:55 UTC 2006


Mikhail Teterin wrote:

>Hi!
>
>I'm writing an application that needs to be able to quickly alter the 
>bandwidth between another machine and the host.
>
>The only way I can do that -- without another machine's cooperation -- is by 
>using the firewall, such as the dummynet functionality of ipfw.
>
>Is there any way to create/alter such a pipe from a C-program without using 
>system("ipfw ....")?
>
>If not ipfw, perhaps, other firewall modules in FreeBSD-6.x?
>
>Thanks a lot!
>
>	-mi
>
I use

popen("ipfw -q /dev/stdin", "w"); 

That way you only run it once and it is always ready
and waiting to get the next command.


The downside is that you need to keep track of what rules you have
because if you try to delete a rule that does not exist, then ipfw will quit.

For this reason I put the write() in a loop that re-opens the pipe if
ipfw dies, and I only try to delete rules that I know I put in.

I also made a small change to ipfw (in -current) that makes it not quit
when table entries are added where they already exist and when you try
to delete a nonexistent table entry (but only in -q mode).

It would be really cool to have an ipfw library that ipfw called and
could be imported into other programs (with Python, Tcl and Perl
bindings (OK, Ruby too)).

one for the "ideas" list I guess.
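
The approach described in this reply, as an added example that is not code from the original post or from ipfw: a persistent pipe to a command reader that is reopened when the reader dies, with deletes limited to rules the program itself added. The names `fw_pipe`, `fw_send`, `fw_add` and `fw_del` are hypothetical, and the reader command is a parameter so the logic can be exercised without ipfw.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not an ipfw API: a long-lived reader plus our rules. */
struct fw_pipe {
    const char *cmd;        /* e.g. "ipfw -q /dev/stdin" */
    FILE *fp;               /* NULL until opened, or after the reader died */
    int opens;              /* how many times the reader was started */
    int rules[64], nrules;  /* rule numbers this program added */
};

/* Send one line; if the reader is gone, reopen it once and retry. */
int fw_send(struct fw_pipe *p, const char *line) {
    signal(SIGPIPE, SIG_IGN);   /* dead reader => EPIPE, not a fatal signal */
    for (int attempt = 0; attempt < 2; attempt++) {
        if (p->fp == NULL) {
            if ((p->fp = popen(p->cmd, "w")) == NULL) return -1;
            p->opens++;
        }
        if (fprintf(p->fp, "%s\n", line) > 0 && fflush(p->fp) == 0) return 0;
        pclose(p->fp);          /* reap the dead reader before restarting */
        p->fp = NULL;
    }
    return -1;
}

/* Add a numbered rule and record it; refuse truncated or multi-line input. */
int fw_add(struct fw_pipe *p, int num, const char *body) {
    char line[256];
    int n = snprintf(line, sizeof line, "add %d %s", num, body);
    if (n < 0 || n >= (int)sizeof line || strchr(line, '\n')) return -1;
    if (p->nrules == 64 || fw_send(p, line) != 0) return -1;
    p->rules[p->nrules++] = num;
    return 0;
}

/* Delete only rules we added; returns 1 (nothing sent) for any other number. */
int fw_del(struct fw_pipe *p, int num) {
    char line[32];
    int i = 0;
    while (i < p->nrules && p->rules[i] != num) i++;
    if (i == p->nrules) return 1;
    snprintf(line, sizeof line, "delete %d", num);
    if (fw_send(p, line) != 0) return -1;
    p->rules[i] = p->rules[--p->nrules];
    return 0;
}
```

A write that makes the reader quit still succeeds; the death is only noticed on the next write, so the bookkeeping in `fw_del` is what keeps the pipe alive rather than the retry loop.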

