From owner-freebsd-ipfw Mon Aug 27 3:43:45 2001 Delivered-To: freebsd-ipfw@freebsd.org Received: from elvis.mu.org (elvis.mu.org [216.33.66.196]) by hub.freebsd.org (Postfix) with ESMTP id 9616637B406 for ; Mon, 27 Aug 2001 03:43:36 -0700 (PDT) (envelope-from billf@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1098) id 93C3D81D01; Mon, 27 Aug 2001 05:43:36 -0500 (CDT) Date: Mon, 27 Aug 2001 05:43:36 -0500 From: Bill Fumerola To: John Massier Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: setsockopt / ipfirewall example Message-ID: <20010827054336.J2759@elvis.mu.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: ; from j_massier@hotmail.com on Mon, Aug 27, 2001 at 11:48:04AM +0200 X-Operating-System: FreeBSD 4.3-FEARSOME-20010712 i386 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Aug 27, 2001 at 11:48:04AM +0200, John Massier wrote: > Hi, I´m a newbie in ipfw and I need urgently (if possible) a simple example > on how to use setsockopt (ipfirewall(4)) to add a rule to IPFIREWALL. For > example, how would it be the way to add the following rule?: > > 7000 allow tcp from 193.10.0.0:255.255.0.0 1021-1023 to any out via lnc0 uid > user_name > > or if someone has a good example that shows every detail of a ipfw rule, > I´ll thank you very much. src/sbin/ipfw.c:add() shows how to contruct a rule and add it. you have to fill a rule structure and then getsockopt(..., IP_FW_ADD, rule, sizeof(rule)); ipfw(4) will copyout the rule back into 'rule'. src/sys/netinet/ip_fw.c:{ip_fw_ctl(),add_entry()} are the backend behind this operation. -- - bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message