Add new PF rules from C.

Fri Dec 17 23:08:01 PST 2004

Hi,

actually pf manual page has all the information you need (ioctl's).
Eventually you might want to take a look into pf code.

On Sat, 18 Dec 2004 13:03:31 +0800, sam wun <sam.wun at authtec.com> wrote:
> Hi,
> 
> Thanks for the sugestion. I use pfctl -ss found some Established state,
> the sample code works great.
> I would like to write a C program add rule to PF base on based on user
> defined anchor and tables. Where can I find more inforamtion and
> guideline about doing that?
> 
> Thanks
> Sam
> 
> Max Laier wrote:
> 
> >[ Please choose one mailinglist, freebsd-pf is appropriate - MOVED ]
> >
> >On Saturday 18 December 2004 05:49, sam wrote:
> >
> >
> >>Hi,
> >>
> >>I found some sample code in the man pf page (just scoll down to the end
> >>of the page, you will see it).
> >>
> >>After compiled it and give it a shoot, it returned error:
> >>
> >># pfctl -sn
> >>nat on tun0 inet from 192.168.9.0/24 to any -> (tun0) round-robin
> >>nat on tun0 inet from 192.168.4.0/24 to any -> (tun0) round-robin
> >>nat on tun0 inet from 172.16.0.0/24 to any -> (tun0) round-robin
> >>rdr on tun0 inet proto tcp from any to 1.2.3.4 port = 3000 ->
> >>192.168.4.254 port 25
> >>
> >># ./a.out
> >>./a.out <gwy addr> <gwy port> <ext addr> <ext port>
> >>
> >>./a.out 192.168.4.254 25 1.2.3.4 3000
> >>a.out: DIOCNATLOOK: No such file or directory
> >>
> >>
> >
> >That's ENOENT which simply means that pf was not able to find a state that
> >matches your lookup. You should have an *open* connection to have a state
> >around. Crosscheck with $pfctl -ss
> >
> >
> >
> >>I may be have overlooked something.
> >>
> >>Your suggestion is highly appreciated.
> >>
> >>
> >
> >
> >
> 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> 

-- 
Claudiu Dragalina-Paraipan
e-mail: dr.clau at gmail.com