From owner-freebsd-security@FreeBSD.ORG  Fri Jan 14 13:28:07 2005
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1384416A4CE
	for <freebsd-security@freebsd.org>;
	Fri, 14 Jan 2005 13:28:07 +0000 (GMT)
Received: from f23.mail.ru (f23.mail.ru [194.67.57.149])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 94E1543D5C
	for <freebsd-security@freebsd.org>;
	Fri, 14 Jan 2005 13:28:06 +0000 (GMT)	(envelope-from _pppp@mail.ru)
Received: from mail by f23.mail.ru with local 
	id 1CpRUj-000G2E-00; Fri, 14 Jan 2005 16:28:05 +0300
Received: from [81.200.13.122] by win.mail.ru with HTTP;
	Fri, 14 Jan 2005 16:28:05 +0300
From: dima <_pppp@mail.ru>
To: altares@e-card.bg
Mime-Version: 1.0
X-Mailer: mPOP Web-Mail 2.19
X-Originating-IP: [81.200.13.122]
Date: Fri, 14 Jan 2005 16:28:05 +0300
In-Reply-To: <41E78BCA.2080903@e-card.bg>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id: <E1CpRUj-000G2E-00._pppp-mail-ru@f23.mail.ru>
cc: freebsd-security@freebsd.org
Subject: Re[2]: Listening outside ipfw / program interface to ipfw
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: dima <_pppp@mail.ru>
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jan 2005 13:28:07 -0000


> >>2) Is there an api to ipfw that will let me manipulate rules, query 
> >>stats etc?  I need something faster than running the command line binary?
> > Yes, you should look at the ``SEE ALSO'' section in ipfw(8) manual page.
> > ipfirewall(4) is what you are looking for, but looking at ipfw(8)
> > source code might help too.
> On what version of FreeBSD are you looking the
> ipfirewall(4) man page?
> 
> Recently I needed the C api to ipfw, but it
> turns out that ipfirewall(4) man page no longer
> describes it. This is on 5.3-STABLE and 4.10-STABLE.
> I also searched in google and I think I had found
> a post saying that currently the only way to manipulate/use
> firewall rules is via ifpw(8) command.
> 
> If someone can provide me a reference to the C api
> of ipfw I will be thankfull.
C API for ipfw(8) is getsockopt() & setsockopt(); see /usr/src/sbin/ipfw/ipfw2.c for details.
The optname in your software would look like IP_FW_GET, IP_FW_ADD etc.