From owner-freebsd-pf@FreeBSD.ORG Sat Dec 18 16:14:55 2004 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9001716A4CE for ; Sat, 18 Dec 2004 16:14:55 +0000 (GMT) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.184]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2536943D4C for ; Sat, 18 Dec 2004 16:14:55 +0000 (GMT) (envelope-from max@love2party.net) Received: from [212.227.126.206] (helo=mrelayng.kundenserver.de) by moutng.kundenserver.de with esmtp (Exim 3.35 #1) id 1CfhEM-0003n9-00; Sat, 18 Dec 2004 17:14:54 +0100 Received: from [217.227.152.17] (helo=donor.laier.local) by mrelayng.kundenserver.de with asmtp (TLSv1:RC4-MD5:128) (Exim 3.35 #1) id 1CfhEL-0001Vy-00; Sat, 18 Dec 2004 17:14:54 +0100 From: Max Laier To: freebsd-pf@freebsd.org Date: Sat, 18 Dec 2004 17:14:44 +0100 User-Agent: KMail/1.7.1 References: <41C3B6CE.4080704@authtec.com> <200412180557.00999.max@love2party.net> <41C3BA23.5070207@authtec.com> In-Reply-To: <41C3BA23.5070207@authtec.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart9351370.MO4ATsnkBD"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200412181714.51674.max@love2party.net> X-Provags-ID: kundenserver.de abuse@kundenserver.de auth:61c499deaeeba3ba5be80f48ecc83056 cc: sam wun Subject: Re: Add new PF rules from C. X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical discussion and general questions about packet filter (pf) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Dec 2004 16:14:55 -0000 --nextPart9351370.MO4ATsnkBD Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Saturday 18 December 2004 06:03, sam wun wrote: > Thanks for the sugestion. I use pfctl -ss found some Established state, > the sample code works great. > I would like to write a C program add rule to PF base on based on user > defined anchor and tables. Where can I find more inforamtion and > guideline about doing that? Look at pfctl(8) (src/contrib/pf/pfctl/...) it's all in there. The code is= =20 quite readable and it should be easy to determine what to hand to the vario= us=20 ioctls. In most of the cases you don't really need to write your own C code= =2E=20 Most of the time it should be sufficient to exec() pfctl(8) and pipe rules = to=20 it. Take a look at the spamd port (mail/spamd) which does just that. You=20 might need a fdescfs(5) in order to drop root privs and use the -p option.= =20 But that should all be obvious from the spamd code. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart9351370.MO4ATsnkBD Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBxFd7XyyEoT62BG0RAnWTAJ9rYlpdIwq064560LfPaUguCCkudwCffnd+ sVXG9W37wPKc8arTkAegsqw= =dH3w -----END PGP SIGNATURE----- --nextPart9351370.MO4ATsnkBD--