Date: Tue, 18 Jul 2006 19:50:04 +0200 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: Program to add/delete a rule from pf Message-ID: <200607181950.10304.max@love2party.net> In-Reply-To: <64de5c8b0607181030h64d7d539r788ba7bbc6841e4d@mail.gmail.com> References: <64de5c8b0607181030h64d7d539r788ba7bbc6841e4d@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1429672.VqGyfOLyfm
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Tuesday 18 July 2006 19:30, Rajkumar S wrote:
> Hi,
>
> I am trying to do a pf module for snortsam, that requires a function
> to add and delete
> rules, much like iptables -A and -D As pfctl does not support deletion
> of rules, and as
> reloading all rules every time a new rule has to be added or deleted
> is a pita, I am
> trying to write a program to do it, which will be used to write snortsam
> plugin.
>
> After going through sources of pfctl and some other programs, I wrote
> a skeltel program
> to add a rule via ioctl, but that is not working.
Just a short hint rather than debugging your code: Did you look into using=
=20
anchors like spamd and authpf do? That way it will be a simple matter of=20
flushing an anchor ruleset and the users of your plugin can have some say=20
where your rules end up by placing the anchor(s) accordingly.
> My feeling is that I need to do some more init of pfioc_rule and
> pf_rule structures to
> get it working, but the code of pfctl is bit dense to get a clear
> understanding. It will
> be great if some one here can lend a helping hand!
>
> with warm regards,
>
> raj
>
>
> #include <sys/ioctl.h>
> #include <sys/socket.h>
> #include <net/if.h>
> #include <netinet/in.h>
> #include <net/pfvar.h>
> #include <arpa/inet.h>
> #include <fcntl.h>
>
> #define IP_PROTO_TCP 6
>
> int main (){
> struct pfioc_trans trans;
> struct pfioc_trans_e trans_e;
> struct pf_rule pr;
> struct pfioc_rule pr_ioctl;
> struct pfioc_pooladdr pp;
>
> struct hostent *h;
>
> char *pf_device =3D "/dev/pf";
> char anchor[100];
> int dev;
> int mode =3D O_RDWR;
>
> dev =3D open(pf_device, mode);
>
> bzero(&trans, sizeof(trans));
> bzero(&trans_e, sizeof(trans_e));
> bzero(&pr, sizeof(pr));
> bzero(&pp, sizeof(pp));
> bzero(&h, sizeof(h));
>
> strlcpy(trans_e.anchor, "snortsam", sizeof(trans_e.anchor));
> trans_e.rs_num =3D PF_RULESET_FILTER;
>
> trans.size =3D 1;
> trans.esize =3D sizeof(struct pfioc_trans_e);
> trans.array =3D &trans_e;
> if (ioctl(dev, DIOCXBEGIN, &trans)) printf ("Error\n");
>
> memcpy(pp.anchor, anchor, sizeof(pp.anchor));
> pp.r_action =3D PF_DROP;
> pp.r_num =3D 0;
> if (ioctl(dev, DIOCGETADDRS, &pp)) printf ("DIOCGETADDRS\n");
>
> pr.action =3D PF_DROP;
> pr.direction =3D PF_IN;
> pr.af =3D AF_INET;
> pr.proto =3D IP_PROTO_TCP;
> pr_ioctl.ticket =3D trans_e.ticket;
> pr_ioctl.pool_ticket =3D pp.ticket;
> memcpy(&pr_ioctl.rule, &pr, sizeof(pr_ioctl.rule));
> strlcpy(pr_ioctl.anchor_call, anchor,
> sizeof(pr_ioctl.anchor_call));
>
> if (ioctl(dev, DIOCADDRULE, &pr_ioctl)) printf ("DIOCADDRULE\n");
> close (dev);
> }
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
=2D-=20
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--nextPart1429672.VqGyfOLyfm
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (FreeBSD)
iD8DBQBEvR9SXyyEoT62BG0RAnuNAJ97Z+bjUJCfQdxr2cU0rlL4QwA9owCfb9cK
vajzEpiWARfbCj2zk1bYKvI=
=KHGZ
-----END PGP SIGNATURE-----
--nextPart1429672.VqGyfOLyfm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200607181950.10304.max>