Date: Sat, 18 Dec 2004 13:04:44 +0800
From: sam wun <sam.wun@authtec.com>
Cc: FreeBSD current mailing list <current@FreeBSD.org>
Subject: Adding PF rules from C
Message-ID: <41C3BA6C.5030209@authtec.com>
In-Reply-To: <200412180557.00999.max@love2party.net>
References: <41C3B6CE.4080704@authtec.com> <200412180557.00999.max@love2party.net>

Hi,

Thanks for the suggestion. I used pfctl -ss and found some Established state, and the sample code works great.

I would like to write a C program to add rules to PF based on a user defined anchor and tables. Where can I find more information and guidelines about doing that?

Thanks
Sam

Max Laier wrote:

>[ Please choose one mailing list, freebsd-pf is appropriate - MOVED ]
>
>On Saturday 18 December 2004 05:49, sam wrote:
>
>>Hi,
>>
>>I found some sample code in the man pf page (just scroll down to the end
>>of the page, you will see it).
>>
>>After compiling it and giving it a shot, it returned an error:
>>
>># pfctl -sn
>>nat on tun0 inet from 192.168.9.0/24 to any -> (tun0) round-robin
>>nat on tun0 inet from 192.168.4.0/24 to any -> (tun0) round-robin
>>nat on tun0 inet from 172.16.0.0/24 to any -> (tun0) round-robin
>>rdr on tun0 inet proto tcp from any to 1.2.3.4 port = 3000 ->
>>192.168.4.254 port 25
>>
>># ./a.out
>>./a.out <gwy addr> <gwy port> <ext addr> <ext port>
>>
>>./a.out 192.168.4.254 25 1.2.3.4 3000
>>a.out: DIOCNATLOOK: No such file or directory
>>
>
>That's ENOENT which simply means that pf was not able to find a state that
>matches your lookup. You should have an *open* connection to have a state
>around. Crosscheck with $pfctl -ss
>
>>I may have overlooked something.
>>
>>Your suggestion is highly appreciated.
>>