regarding this post, the problem has now been resolved thanks to Camiel ;)
On Fri, Aug 06, 2004 at 09:31:03AM +0100, Christopher Keeley wrote:
## Hello everybody.
##
## I am currently writing a program that, at certain points needs to add a rule to
## the current firewall set.
##
## Here is a copy of the code i have so far for the function that will add
## the rule:
##
## <code>------------------------------------------------------------------
##
## struct pfioc_rule pr;
## struct pf_rule pfrule;
## struct pfioc_pooladdr pool;
##
## int pf_dev_fd, ret;
##
## /*
## * char anchorname[PF_ANCHOR_NAME_SIZE] = "pwatch";
## * char rulesetname[PF_RULESET_NAME_SIZE] = "pwatch_rules";
## */
##
## /**** (pfvar.h) struct reference path for 3rd inet_pton argument *****
## * struct pfioc_rule: pr
## * struct pf_rule: rule
## * struct pf_rule_addr: src
## * struct pf_addr_wrap: addr
## * 'v' is a union in 'pf_addr_wrap'
## * 'a' is a 'struct pf_addr' and a member of 'v'
## * addr is a 'struct pf_addr' and a member of 'a'
## * v4 is #defined as pfa.v4 ('pfa' is a union in struct pf_addr)
## */
##
## inet_pton(AF_INET, "192.168.0.1", &pfrule.src.addr.v.a.addr.v4.s_addr);
## inet_pton(AF_INET, "192.168.0.4", &pfrule.dst.addr.v.a.addr.v4.s_addr);
##
## /*
## * strlcpy(pr.anchor, anchorname, sizeof(anchorname));
## * strlcpy(pr.ruleset, rulesetname, sizeof(rulesetname));
## */
##
## pr.rule.action = PF_DROP;
##
## /* if we can open device then proceed with add rules */
## if((pf_dev_fd = open("/dev/pf", O_RDWR)) != -1)
## {
## if((ioctl(pf_dev_fd, DIOCBEGINRULES, &pr)) == -1)
## perror("ioctl DIOCBEGINRULES");
##
## if((ioctl(pf_dev_fd, DIOCBEGINADDRS, &pool)) == -1)
## perror("ioctl DIOCBEGINADDRS");
##
## pr.pool_ticket = pool.ticket;
##
## memcpy(&pr.rule, &pfrule, sizeof(pfrule));
##
## if((ioctl(pf_dev_fd, DIOCADDRULE, &pr)) == -1)
## perror("ioctl DIOCADDRULE");
##
## if((ioctl(pf_dev_fd, DIOCCOMMITRULES, &pr)) == -1)
## perror("ioctl DIOCCOMMITRULES");
## }
## else
## {
## (void)fprintf(stderr, "failed to open /dev/pf\n");
## ret = 0;
## }
##
## close(pf_dev_fd);
## return ret;
##
## </code>--------------------------------------------------------------
##
##
##
## The problem I am having is the ioctl
## command DIOCADDRULE returns 'invalid argument'.
##
## All of the other ioctl commands seem to be working fine including the
## obtaining of tickets.
##
## The minimal knowledge i have gathered so far concerning pf has been gained
## through reading source files for 'pf' and 'authpf' and the man page but i seem to
be missing
## something rather important.
##
## I would be most grateful if somebody could make a suggestion or point me
## in the right direction as it would save what little hair i have left 8).
##
## Regards
##
## Chris
##
## --
## -----------------------------------------------
## Chris Keeley
##
## public key: pgp.mit.edu (search string: crizza)
---end quoted text---
--
-----------------------------------------------
Chris Keeley
public key: pgp.mit.edu (search string: crizza)
pgp1wdwcc7TqV.pgp
Description: PGP signature
