Date:      Thu, 30 Mar 2006 16:40:54 -0800
From:      Julian Elischer <julian@elischer.org>
To:        Mikhail Teterin <mi+mx@aldan.algebra.com>
Cc:        rizzo@icir.org, net@freebsd.org, ugen@worldbank.org, archie@dellroad.org, ugen@netvision.net.il
Subject:   Re: Is there an API for ipfw?
Message-ID:  <442C7A96.6050304@elischer.org>
In-Reply-To: <200603301657.43218.mi%2Bmx@aldan.algebra.com>
References:  <200603301657.43218.mi%2Bmx@aldan.algebra.com>

Mikhail Teterin wrote:

>Hi!
>
>I'm writing an application that needs to be able to quickly alter the
>bandwidth between another machine and the host.
>
>The only way I can do that -- without another machine's cooperation -- is by 
>using the firewall, such as the dummynet functionality of ipfw.
>
>Is there any way to create/alter such a pipe from a C-program without using 
>system("ipfw ....")?
>
>If not ipfw, perhaps, other firewall modules in FreeBSD-6.x?
>
>Thanks a lot!
>
>	-mi
>
I use

popen("ipfw -q /dev/stdin", "w"); 

That way you only run it once and it is always ready
and waiting to get the next command.


The downside is that you need to keep track of what rules you have,
because if you try to delete a rule that does not exist, then ipfw
will quit.

For this reason I put the write() in a loop that re-opens the pipe if
ipfw dies, and I only try to delete rules that I know I put in.

I also made a small change to ipfw (in -current) that makes it not quit
when table entries are added where they already exist and when you try
to delete a nonexistent table entry (but only in -q mode).

It would be really cool to have an ipfw library that ipfw called and
that could be imported into other programs (with python, tcl and perl
bindings (ok, ruby too)).

One for the "ideas" list, I guess.


