From: Claudiu Dragalina-Paraipan
To: sam wun
Cc: freebsd-pf@freebsd.org
Date: Sat, 18 Dec 2004 09:08:00 +0200
Subject: Re: Add new PF rules from C.

Hi,

actually the pf manual page has all the information you need (ioctl's).
Eventually you might want to take a look into the pf code.

On Sat, 18 Dec 2004 13:03:31 +0800, sam wun wrote:
> Hi,
>
> Thanks for the suggestion. I use pfctl -ss found some Established state,
> the sample code works great.
> I would like to write a C program add rule to PF based on user
> defined anchor and tables. Where can I find more information and
> guideline about doing that?
>
> Thanks
> Sam
>
> Max Laier wrote:
>
> >[ Please choose one mailinglist, freebsd-pf is appropriate - MOVED ]
> >
> >On Saturday 18 December 2004 05:49, sam wrote:
> >
> >>Hi,
> >>
> >>I found some sample code in the man pf page (just scroll down to the end
> >>of the page, you will see it).
> >>
> >>After compiled it and give it a shot, it returned error:
> >>
> >># pfctl -sn
> >>nat on tun0 inet from 192.168.9.0/24 to any -> (tun0) round-robin
> >>nat on tun0 inet from 192.168.4.0/24 to any -> (tun0) round-robin
> >>nat on tun0 inet from 172.16.0.0/24 to any -> (tun0) round-robin
> >>rdr on tun0 inet proto tcp from any to 1.2.3.4 port = 3000 ->
> >>192.168.4.254 port 25
> >>
> >># ./a.out
> >>./a.out
> >>
> >>./a.out 192.168.4.254 25 1.2.3.4 3000
> >>a.out: DIOCNATLOOK: No such file or directory
> >>
> >
> >That's ENOENT which simply means that pf was not able to find a state that
> >matches your lookup. You should have an *open* connection to have a state
> >around. Crosscheck with $pfctl -ss
> >
> >>I may have overlooked something.
> >>
> >>Your suggestion is highly appreciated.
> >>

-- 
Claudiu Dragalina-Paraipan
e-mail: dr.clau@gmail.com