Date: Wed, 14 Jul 2004 10:51:50 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Matin Tamizi <mtamizi@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Prepocessing in ipfw Message-ID: <20040714155149.GC8522@dan.emsphone.com> In-Reply-To: <f68a41604071408286f15fa71@mail.gmail.com> References: <f68a41604071408286f15fa71@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Jul 14), Matin Tamizi said: > How can I use the preprocessing feature in ipfw to run incoming > packets through my own C program? How can my C program communicate > to ipfw to drop (deny) and packet or connection? If you're talking about the -p flag to ipfw, that's just for parsing config files (like what cpp does with #include and #define for C). Take a look at divert sockets for a way to capture packets from ipfw into a program, and then reinject (or drop) them. See the divert and ipfw manpages. natd uses divert sockets, so you can look at its source to see how they work. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040714155149.GC8522>