Add new PF rules from C.
Max Laier
max at love2party.net
Sat Dec 18 08:14:55 PST 2004
On Saturday 18 December 2004 06:03, sam wun wrote:
> Thanks for the sugestion. I use pfctl -ss found some Established state,
> the sample code works great.
> I would like to write a C program add rule to PF base on based on user
> defined anchor and tables. Where can I find more inforamtion and
> guideline about doing that?
Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is
quite readable and it should be easy to determine what to hand to the various
ioctls. In most of the cases you don't really need to write your own C code.
Most of the time it should be sufficient to exec() pfctl(8) and pipe rules to
it. Take a look at the spamd port (mail/spamd) which does just that. You
might need a fdescfs(5) in order to drop root privs and use the -p option.
But that should all be obvious from the spamd code.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20041218/5b295d9b/attachment.bin
More information about the freebsd-pf
mailing list