From owner-freebsd-pf@FreeBSD.ORG Wed Jul 19 06:51:29 2006
Message-ID: <64de5c8b0607182335q4fae2ed9w233f2ea6438504ad@mail.gmail.com>
Date: Wed, 19 Jul 2006 12:05:34 +0530
From: "Rajkumar S" <rajkumars@gmail.com>
To: "Travis H."
Cc: freebsd-pf@freebsd.org
References: <64de5c8b0607181030h64d7d539r788ba7bbc6841e4d@mail.gmail.com> <200607181950.10304.max@love2party.net>
Subject: Re: Program to add/delete a rule from pf
List-Id: "Technical discussion and general questions about packet filter (pf)"

On 7/19/06, Travis H. wrote:
> Another way is to use my dfd_keeper program, located at my homepage
> below. It allows you to make arbitrary modifications to the pf rules.
> It doesn't use ioctls; it remembers all the rules, makes modifications
> to them at run-time, and re-loads the ruleset completely. No anchors
> are really necessary, but you might want to use a few so you can
> "patch" the ruleset temporarily without modifying your dfd_keeper
> script (I provide the library, you provide the client script). There
> is an example. It's meant for making run-time rule changes, and even
> takes care of things like flushing states if you remove a pass rule,
> etc. I would appreciate feedback on it.

Thanks for the link, but there are a couple of problems preventing me from using it.

1. My motive is to get a snortsam plugin for freebsd pf to block an offending connection, and contribute it back to snortsam. So I do not want to use Zope or twisted.

2. The license of the code does not permit me to contribute it back to snortsam, which is BSD licensed.

btw, is there any other program (other than pfctl) that interfaces with pf using ioctl to add a rule (not a table entry) so that I can look into the code?

raj
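The approach Travis describes (keep the rules in memory, rewrite the whole ruleset on every change, and flush states when a rule change would otherwise leave existing connections untouched), as an added illustration that is not dfd_keeper's code nor anything from this thread. It assumes a hypothetical anchor named `snortsam` that the main pf.conf already references with `anchor snortsam`, and it drives pfctl through a subprocess rather than the ioctl interface raj is asking about; the runner is injectable so the rule-keeping logic can be exercised on a host without pf.

```python
import subprocess
from dataclasses import dataclass

ANCHOR = "snortsam"  # hypothetical anchor name, assumed to exist in pf.conf


@dataclass(frozen=True)
class Rule:
    action: str        # "block" or "pass"
    src: str           # source host or CIDR, e.g. "192.0.2.10"
    dst: str = "any"
    proto: str = "tcp"

    def render(self) -> str:
        # pf.conf syntax for one filter rule; "quick" stops evaluation at the first match
        return f"{self.action} in quick proto {self.proto} from {self.src} to {self.dst}"


class RuleKeeper:
    """Holds the anchor's rules in memory and reloads the entire anchor on each change."""

    def __init__(self, anchor: str = ANCHOR, run=subprocess.run):
        self.anchor = anchor
        self.rules: list[Rule] = []
        self.run = run  # injected for testing; defaults to really invoking pfctl

    def ruleset(self) -> str:
        return "".join(r.render() + "\n" for r in self.rules)

    def reload(self) -> None:
        # "pfctl -a <anchor> -f -" replaces the anchor's rules with the ruleset read from stdin,
        # so the in-memory list is always the complete, authoritative copy.
        self.run(["pfctl", "-a", self.anchor, "-f", "-"],
                 input=self.ruleset().encode(), check=True)

    def flush_states(self, host: str) -> None:
        # pf checks the state table before the rules, so an established connection keeps
        # passing after a rule change unless its states are killed explicitly.
        self.run(["pfctl", "-k", host], check=True)

    def add(self, rule: Rule, at_head: bool = False) -> None:
        if rule in self.rules:
            return
        self.rules.insert(0, rule) if at_head else self.rules.append(rule)
        self.reload()
        if rule.action == "block":     # a new block must also cut the offender's live connections
            self.flush_states(rule.src)

    def remove(self, rule: Rule) -> None:
        self.rules.remove(rule)
        self.reload()
        if rule.action == "pass":      # removing a pass rule: drop the states it had created
            self.flush_states(rule.src)
```

The two `flush_states` calls are the part that a naive "just rewrite the anchor" script misses: without them, the offending connection that triggered the block stays open.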