From: sam wun
Date: Sat, 18 Dec 2004 13:03:31 +0800
To: freebsd-pf@freebsd.org
Subject: Add new PF rules from C.
Message-ID: <41C3BA23.5070207@authtec.com>
In-Reply-To: <200412180557.00999.max@love2party.net>

Hi,

Thanks for the suggestion. I used pfctl -ss and found some Established states; the sample code works great.

I would like to write a C program to add rules to PF based on user-defined anchor and tables. Where can I find more information and guidelines about doing that?

Thanks
Sam

Max Laier wrote:

>[ Please choose one mailinglist, freebsd-pf is appropriate - MOVED ]
>
>On Saturday 18 December 2004 05:49, sam wrote:
>
>>Hi,
>>
>>I found some sample code in the man pf page (just scroll down to the end
>>of the page, you will see it).
>>
>>After compiling it and giving it a shot, it returned an error:
>>
>># pfctl -sn
>>nat on tun0 inet from 192.168.9.0/24 to any -> (tun0) round-robin
>>nat on tun0 inet from 192.168.4.0/24 to any -> (tun0) round-robin
>>nat on tun0 inet from 172.16.0.0/24 to any -> (tun0) round-robin
>>rdr on tun0 inet proto tcp from any to 1.2.3.4 port = 3000 ->
>>192.168.4.254 port 25
>>
>># ./a.out
>>./a.out
>>
>>./a.out 192.168.4.254 25 1.2.3.4 3000
>>a.out: DIOCNATLOOK: No such file or directory
>
>That's ENOENT which simply means that pf was not able to find a state that
>matches your lookup. You should have an *open* connection to have a state
>around. Crosscheck with $pfctl -ss
>
>>I may have overlooked something.
>>
>>Your suggestion is highly appreciated.