From owner-freebsd-security@FreeBSD.ORG  Fri Jan 14 09:08:12 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EFCB216A4CE
	for <freebsd-security@freebsd.org>;
	Fri, 14 Jan 2005 09:08:12 +0000 (GMT)
Received: from cray.e-card.bg (mjak.e-card.bg [212.91.167.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0C50D43D1D
	for <freebsd-security@freebsd.org>;
	Fri, 14 Jan 2005 09:08:10 +0000 (GMT)
	(envelope-from altares@e-card.bg)
Received: from e-card.bg (localhost.e-card.bg [127.0.0.1])
	by cray.e-card.bg (8.13.1/8.13.1) with ESMTP id j0E97Mxh022312;
	Fri, 14 Jan 2005 11:07:31 +0200 (EET)
	(envelope-from altares@e-card.bg)
Message-ID: <41E78BCA.2080903@e-card.bg>
Date: Fri, 14 Jan 2005 11:07:22 +0200
From: Rumen Telbizov <altares@e-card.bg>
Organization: E-Card Ltd.
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;
	rv:1.4) Gecko/20030624 Netscape/7.1
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jeremie Le Hen <jeremie@le-hen.org>
References: <41E6D3EE.5090205@cloudview.com>
	<20050113221947.GC46977@obiwan.tataz.chchile.org>
In-Reply-To: <20050113221947.GC46977@obiwan.tataz.chchile.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-security@freebsd.org
cc: John Pettitt <jpp@cloudview.com>
Subject: Re: Listening outside ipfw / program interface to ipfw
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: altares@e-card.bg
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jan 2005 09:08:13 -0000


Hi

Jeremie Le Hen wrote:
>>2) Is there an api to ipfw that will let me manipulate rules, query 
>>stats etc?  I need something faster than running the command line binary?
> 
> 
> Yes, you should look at the ``SEE ALSO'' section in ipfw(8) manual page.
> ipfirewall(4) is what you are looking for, but looking at ipfw(8)
> source code might help too.

On what version of FreeBSD are you looking the
ipfirewall(4) man page?

Recently I needed the C api to ipfw, but it
turns out that ipfirewall(4) man page no longer
describes it. This is on 5.3-STABLE and 4.10-STABLE.
I also searched in google and I think I had found
a post saying that currently the only way to manipulate/use
firewall rules is via ifpw(8) command.

If someone can provide me a reference to the C api
of ipfw I will be thankfull.

Rumen Telbizov