Add new PF rules from C.

sam wun sam.wun at authtec.com
Sat Dec 18 20:13:27 PST 2004


Max Laier wrote:

>On Saturday 18 December 2004 06:03, sam wun wrote:
>
>>Thanks for the suggestion. I used pfctl -ss and found some Established
>>states; the sample code works great.
>>I would like to write a C program to add rules to PF based on
>>user-defined anchors and tables. Where can I find more information and
>>guidelines about doing that?
>
>Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is 
>quite readable and it should be easy to determine what to hand to the various 
>ioctls. In most of the cases you don't really need to write your own C code. 
>Most of the time it should be sufficient to exec() pfctl(8) and pipe rules to 
>it. Take a look at the spamd port (mail/spamd) which does just that. You 
>might need a fdescfs(5) in order to drop root privs and use the -p option. 
>But that should all be obvious from the spamd code.
>
Thanks for the guideline. I think I will go the hard way instead of 
using exec(); it will be more efficient in the end.
The add_rule() function is quite useful to look at.

Thanks again
Sam.
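
The approach suggested in the quoted reply (exec() pfctl(8) and pipe rules to it), sketched in C as an added example that is not part of the original thread and not taken from pfctl or spamd. The `/sbin/pfctl` path, the anchor name, the sample rule and the conservative anchor-name allowlist (which also rejects nested anchors containing `/`) are assumptions.

```c
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed policy: short names from a fixed alphabet, never starting with '-',
 * so a caller-supplied anchor cannot be parsed by pfctl as an option or path. */
#define ANCHOR_CHARS \
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-"
static int anchor_ok(const char *a)
{
    size_t n = strlen(a);
    return n > 0 && n <= 63 && a[0] != '-' && strspn(a, ANCHOR_CHARS) == n;
}

/* Run `prog -a anchor -f -` with `rules` on its stdin; no shell is involved.
 * Returns the child's exit status, or -1 on a local failure. */
static int load_rules(const char *prog, const char *anchor, const char *rules)
{
    int fd[2], st = 0, wrote;
    size_t len = strlen(rules);
    pid_t pid;

    if (!anchor_ok(anchor) || pipe(fd) == -1)
        return -1;
    signal(SIGPIPE, SIG_IGN);        /* a child that died early must not kill us */
    if ((pid = fork()) == -1) {
        close(fd[0]); close(fd[1]);
        return -1;
    }
    if (pid == 0) {                  /* child: stdin reads from the pipe */
        dup2(fd[0], STDIN_FILENO);
        close(fd[0]); close(fd[1]);
        execl(prog, "pfctl", "-a", anchor, "-f", "-", (char *)NULL);
        _exit(127);                  /* exec failed */
    }
    close(fd[0]);
    wrote = write(fd[1], rules, len) == (ssize_t)len;
    close(fd[1]);                    /* EOF: pfctl has the full rule set */
    if (waitpid(pid, &st, 0) == -1 || !WIFEXITED(st))
        return -1;
    return (WEXITSTATUS(st) == 0 && !wrote) ? -1 : WEXITSTATUS(st);
}

int main(void)
{   /* Constructed sample anchor and rule (192.0.2.1 is a documentation address). */
    return load_rules("/sbin/pfctl", "example_anchor",
                      "block in quick from 192.0.2.1 to any\n") != 0;
}
```

Loading rules this way replaces the whole rule set of the named anchor, so the caller should always send the complete list it wants in effect.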