Date: Sat, 18 Dec 2004 17:14:44 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Cc: sam wun <sam.wun@authtec.com> Subject: Re: Add new PF rules from C. Message-ID: <200412181714.51674.max@love2party.net> In-Reply-To: <41C3BA23.5070207@authtec.com> References: <41C3B6CE.4080704@authtec.com> <200412180557.00999.max@love2party.net> <41C3BA23.5070207@authtec.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Saturday 18 December 2004 06:03, sam wun wrote: > Thanks for the sugestion. I use pfctl -ss found some Established state, > the sample code works great. > I would like to write a C program add rule to PF base on based on user > defined anchor and tables. Where can I find more inforamtion and > guideline about doing that? Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is quite readable and it should be easy to determine what to hand to the various ioctls. In most of the cases you don't really need to write your own C code. Most of the time it should be sufficient to exec() pfctl(8) and pipe rules to it. Take a look at the spamd port (mail/spamd) which does just that. You might need a fdescfs(5) in order to drop root privs and use the -p option. But that should all be obvious from the spamd code. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBxFd7XyyEoT62BG0RAnWTAJ9rYlpdIwq064560LfPaUguCCkudwCffnd+ sVXG9W37wPKc8arTkAegsqw= =dH3w -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412181714.51674.max>