From owner-freebsd-pf@FreeBSD.ORG Mon Dec 28 21:33:23 2009 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0C1351065670 for ; Mon, 28 Dec 2009 21:33:23 +0000 (UTC) (envelope-from tom@tomjudge.com) Received: from tomjudge.vm.bytemark.co.uk (tomjudge.vm.bytemark.co.uk [80.68.91.100]) by mx1.freebsd.org (Postfix) with ESMTP id C37128FC14 for ; Mon, 28 Dec 2009 21:33:22 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by tomjudge.vm.bytemark.co.uk (Postfix) with ESMTP id 66094486A8; Mon, 28 Dec 2009 21:33:21 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at tomjudge.vm.bytemark.co.uk Received: from tomjudge.vm.bytemark.co.uk ([127.0.0.1]) by localhost (tomjudge.vm.bytemark.co.uk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CXaYXCzY+sR2; Mon, 28 Dec 2009 21:33:18 +0000 (GMT) Received: from Tom-Judges-MacBook-Pro.local (unknown [192.168.205.10]) by tomjudge.vm.bytemark.co.uk (Postfix) with ESMTP id E463A4860B; Mon, 28 Dec 2009 21:33:17 +0000 (GMT) Message-ID: <4B39241C.6030100@tomjudge.com> Date: Mon, 28 Dec 2009 15:33:16 -0600 From: Tom Judge User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0 MIME-Version: 1.0 To: Martin Baumann References: <4B391793.9020100@gmail.com> In-Reply-To: <4B391793.9020100@gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-pf@freebsd.org Subject: Re: school project X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Dec 2009 21:33:23 -0000 On 28/12/2009 14:39, Martin Baumann wrote: > Hi, > > Firstly I want to apologize for interrupting you with such a stupid > thing but i need help. > > I have to write adaptive application firewall as PF module(using ioctl > or anchor...). > > The problem is I don't know where I should look for some documentation > or some API description, so I don't know how to start. > > I am looking for some person who wrote module for PF to help me start > and answer me some simple questions. > Hi Martin, There are a number of userland daemons that do this kind of thing already: * ftpsesame * miniupnpd These are but 2 of a long list. There is a guide on the miniupnpd website on how to interface with rules in anchors for both NAT and filter type rules. Hope this is useful. Tom