Prepocessing in ipfw
Dan Nelson
dnelson at allantgroup.com
Wed Jul 14 08:51:56 PDT 2004
In the last episode (Jul 14), Matin Tamizi said:
> How can I use the preprocessing feature in ipfw to run incoming
> packets through my own C program? How can my C program communicate
> to ipfw to drop (deny) and packet or connection?
If you're talking about the -p flag to ipfw, that's just for parsing
config files (like what cpp does with #include and #define for C).
Take a look at divert sockets for a way to capture packets from ipfw
into a program, and then reinject (or drop) them. See the divert and
ipfw manpages. natd uses divert sockets, so you can look at its source
to see how they work.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list