DIOCCHANGERULE may be used in PF?
sam wun
sam.wun at authtec.com
Sat Dec 18 20:55:00 PST 2004
Hi,
I'm not sure whether ssp_pf.c file should use DIOCADDADDR instead of
DIOCCHANGERULE.
As I looked into the authpf.c file, in function add_pool(), authpf only uses
DIOCADDADDR for adding a new rule to PF.
I also want to find out where DIOCCHANGERULE is used in PF, but
nothing is found except in the man page:
# cd src/contrib/pf
# grep -r DIOCCHANGERULE *
man/pf.4:for subsequent DIOCADDADDR, DIOCADDRULE and DIOCCHANGERULE calls.
man/pf.4:DIOCADDRULE or DIOCCHANGERULE call.
man/pf.4:.It Dv DIOCCHANGERULE Fa "struct pfioc_rule"
DIOCCHANGERULE may not be used. If I want to add a new rule in PF, I may
need to use DIOCADDADDR rather than DIOCCHANGERULE.
Any comment?
Thanks
Sam
Max Laier wrote:
>On Saturday 18 December 2004 06:03, sam wun wrote:
>
>
>>Thanks for the suggestion. I used pfctl -ss and found some Established state,
>>the sample code works great.
>>I would like to write a C program to add rules to PF based on user
>>defined anchors and tables. Where can I find more information and
>>guidelines about doing that?
>>
>>
>
>Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is
>quite readable and it should be easy to determine what to hand to the various
>ioctls. In most of the cases you don't really need to write your own C code.
>Most of the time it should be sufficient to exec() pfctl(8) and pipe rules to
>it. Take a look at the spamd port (mail/spamd) which does just that. You
>might need a fdescfs(5) in order to drop root privs and use the -p option.
>But that should all be obvious from the spamd code.
>
>
>