Re: Is there an API for ipfw?

Mikhail Teterin wrote:

Hi!

I'm writing an application that, needs to be able to quickly alter the bandwidth between another machine and the host.

The only way I can do that -- without another machine's cooperation -- is by using the firewall, such as the dummynet functionality of ipfw.

Is there any way to create/alter such a pipe from a C-program without using system("ipfw ....")?

If not ipfw, perhaps, other firewall modules in FreeBSD-6.x?

Thanks a lot!

-mi

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"


I use

popen("ipfw -q /dev/stdin", "w");

That way you only run it once and it is always ready
and waiting to get the next command.


The downside is that you need to keep track of what rules you have because if you try delete
a rule that does not exist, then ipfw will quit.

For this reason I put the write() in a loop, that re-opens the pipe if ipfw dies,
and I only try delete rules that I know I put in.

I also made a small change to ipfw (in -current) that makes it not quit
when table entries are added where they already exist and when you try
delete a non existant table entry. (but only in -q mode)

It would be really cool to have an ipfw library that ipfw called and could be imported
into other programs.. (with python, tcl and perl bindings (ok ruby too)).

one for the "ideas" list I guess.
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

Relevant Pages