From: Jeremie Le Hen
To: John Pettitt
Cc: freebsd-security@freebsd.org
Date: Thu, 13 Jan 2005 23:19:47 +0100
Subject: Re: Listening outside ipfw / program interface to ipfw
Message-ID: <20050113221947.GC46977@obiwan.tataz.chchile.org>
In-Reply-To: <41E6D3EE.5090205@cloudview.com>

> Hi,
> Two quick questions that I can't seem to find answers for using google.
>
> 1) is it possible to listen outside an ipfw firewall - that is have
> ethereal record the packets before ipfw starts dropping them? If so how?

tcpdump(8) uses the bpf(4) device and the latter will always see a
packet reaching the box whether a packet filter will drop it or not.

> 2) Is there an api to ipfw that will let me manipulate rules, query
> stats etc? I need something faster than running the command line binary?

Yes, you should look at the ``SEE ALSO'' section in the ipfw(8) manual page.
ipfirewall(4) is what you are looking for, but looking at ipfw(8) source
code might help too.

Regards,
-- 
Jeremie Le Hen
jeremie@le-hen.org