Listening outside ipfw / program interface to ipfw
dima
_pppp at mail.ru
Fri Jan 14 05:28:07 PST 2005
> >>2) Is there an api to ipfw that will let me manipulate rules, query
> >>stats etc? I need something faster than running the command line binary?
> > Yes, you should look at the ``SEE ALSO'' section in ipfw(8) manual page.
> > ipfirewall(4) is what you are looking for, but looking at ipfw(8)
> > source code might help too.
> On what version of FreeBSD are you looking the
> ipfirewall(4) man page?
>
> Recently I needed the C api to ipfw, but it
> turns out that ipfirewall(4) man page no longer
> describes it. This is on 5.3-STABLE and 4.10-STABLE.
> I also searched in google and I think I had found
> a post saying that currently the only way to manipulate/use
> firewall rules is via ifpw(8) command.
>
> If someone can provide me a reference to the C api
> of ipfw I will be thankfull.
C API for ipfw(8) is getsockopt() & setsockopt(); see /usr/src/sbin/ipfw/ipfw2.c for details.
The optname in your software would look like IP_FW_GET, IP_FW_ADD etc.
More information about the freebsd-security
mailing list