|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Listening outside ipfw / program interface to ipfw
From: Jeremie Le Hen (jeremie
le-hen.org)
Date: Thu Jan 13 2005 - 16:19:47 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Hi,
> Two quick questions that I can't seem to find answers for using google.
>
> 1) is is possible to listen outside an ipfw firewall - that is have
> ethereal record the packets before ipfw starts dropping them? If so how?
tcpdump(8) uses the bpf(4) device and the latter will always see a
packet reaching the box whether a packet filter will drop it or not.
> 2) Is there an api to ipfw that will let me manipulate rules, query
> stats etc? I need something faster than running the command line binary?
Yes, you should look at the ``SEE ALSO'' section in ipfw(8) manual page.
ipfirewall(4) is what you are looking for, but looking at ipfw(8)
source code might help too.
Regards,
--
Jeremie Le Hen
jeremiele-hen.org
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]