Date: Mon, 27 Aug 2001 05:43:36 -0500 From: Bill Fumerola <billf@mu.org> To: John Massier <j_massier@hotmail.com> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: setsockopt / ipfirewall example Message-ID: <20010827054336.J2759@elvis.mu.org> In-Reply-To: <F225XLsxpTljBOh8s4K0001280c@hotmail.com>; from j_massier@hotmail.com on Mon, Aug 27, 2001 at 11:48:04AM %2B0200 References: <F225XLsxpTljBOh8s4K0001280c@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 27, 2001 at 11:48:04AM +0200, John Massier wrote:
> Hi, I´m a newbie in ipfw and I need urgently (if possible) a simple example
> on how to use setsockopt (ipfirewall(4)) to add a rule to IPFIREWALL. For
> example, how would it be the way to add the following rule?:
>
> 7000 allow tcp from 193.10.0.0:255.255.0.0 1021-1023 to any out via lnc0 uid
> user_name
>
> or if someone has a good example that shows every detail of a ipfw rule,
> I´ll thank you very much.
src/sbin/ipfw.c:add() shows how to contruct a rule and add it.
you have to fill a rule structure and then getsockopt(..., IP_FW_ADD,
rule, sizeof(rule)); ipfw(4) will copyout the rule back into 'rule'.
src/sys/netinet/ip_fw.c:{ip_fw_ctl(),add_entry()} are the backend behind
this operation.
--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010827054336.J2759>