Building Open Source Network Security Tools: Components and Techniques [Electronic resources], text version

Mike D. Schiffman

Firewall Functions

As yet, no other portable library offers libdnet's ability to interface with an operating system's native firewall functionality. Many modern, robust operating systems support some form of firewalling; while similar in theory, the implementations differ wildly. Libdnet bridges the gap and lets the application programmer access this functionality in a portable and consistent fashion. At this writing, the following operating systems are supported: OpenBSD, FreeBSD, NetBSD, Linux, and MacOS, with Solaris functionality in the works.

You should employ the fw_pack_rule() macro to populate struct fw_rule (described in the datatypes section).



fw_t *fw_open(void);


fw_open() opens and initializes a firewall handle for use in subsequent firewall functions. Upon success, the function returns a valid fw_t descriptor; upon failure, the function returns NULL.

Note

In most cases, a firewall handle contains a file descriptor on which the internal libdnet code sets socket options or performs ioctl()s.

int fw_add(fw_t *f, struct fw_rule *rule);


fw_add() adds the firewall rule rule to the firewall subsystem that f references. Upon success, the function returns 0; upon failure, the function returns −1.



int fw_delete(fw_t *f, struct fw_rule *rule);


fw_delete() deletes the firewall rule rule from the firewall subsystem that f references. Upon success, the function returns 0; upon failure, the function returns −1.



int fw_loop(fw_t *f, fw_handler callback, void *arg);
int callback(const struct fw_rule *rule, void *arg);


fw_loop() iterates over the firewall rules that f references, invoking callback once for each rule together with the caller-supplied arg; upon failure, the function returns −1 and sets errno. The fw_loop() callback function format expects two arguments: a pointer to the firewall rule and the optional argument arg.



fw_t *fw_close(fw_t *f);


fw_close() closes the firewall interface that f references. The function returns NULL.



fw_pack_rule(rule, dev, o, dir, p, s, d, sp1, sp2, dp1, dp2);


fw_pack_rule() is a macro that fills in the members of the firewall rule structure rule with the corresponding arguments, as Table 6.4 summarizes.

Table 6.4: fw_pack_rule() Arguments

ARGUMENT   MEANING
rule       the libdnet firewall rule structure to be populated
dev        the canonical name of the device, up to 14 bytes including NULL terminator
o          firewall operation type
dir        direction the rule should be applied
p          protocol
s          source address
d          destination address
sp1        either the low source port number or the ICMP type
sp2        either the high source port number or the ICMP mask
dp1        either the low destination port number or the ICMP code
dp2        either the high destination port number or the ICMP mask
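The lifecycle described in this section (fw_open(), fw_pack_rule(), fw_add(), fw_loop() with a callback, fw_delete(), fw_close()) as an added C example; it is not code from the book or from libdnet. The client half installs a rule blocking inbound TCP to one port on an interface, walks the ruleset with fw_loop() to count how many rules cover that port, deletes the rule and counts again, which is the kind of verification an operator wants before trusting that a control is in place. Compiled with -DHAVE_LIBDNET and linked with -ldnet it runs against the real library (with whatever privileges the platform firewall requires); otherwise the #else branch supplies an in-memory stand-in for the same names so the client code can be exercised anywhere. That stand-in (the struct fw_rule member names, the FW_OP_BLOCK, FW_DIR_IN and IP_PROTO_TCP constants, addr_pton(), and the convention that a non-zero callback return stops the walk) is my assumption about libdnet's interface, not something this page states; the interface names eth0/em0 and the addresses 192.0.2.10 and 0.0.0.0/0 are constructed sample values.

```c
/* Added example (not from the book or libdnet): drive the fw_* API described
 * above and audit the ruleset with an fw_loop() callback. Build with
 * -DHAVE_LIBDNET -ldnet for the real library; otherwise the stand-in below
 * (an assumption about libdnet's interface, not its code) supplies the names. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef HAVE_LIBDNET
#include <dnet.h>
#else
#include <arpa/inet.h>
#define FW_OP_BLOCK  2
#define FW_DIR_IN    1
#define IP_PROTO_TCP 6
struct addr { uint32_t addr_ip; uint16_t addr_bits; };
struct fw_rule {
    char fw_device[14];                 /* device name, 14 bytes incl. NUL (Table 6.4) */
    uint8_t fw_op, fw_dir, fw_proto;
    struct addr fw_src, fw_dst;
    uint16_t fw_sport[2], fw_dport[2];  /* port ranges, or ICMP type/code */
};
#define fw_pack_rule(r, dev, o, dir, p, s, d, sp1, sp2, dp1, dp2) do {       \
    strncpy((r)->fw_device, (dev), sizeof((r)->fw_device) - 1);              \
    (r)->fw_op = (o); (r)->fw_dir = (dir); (r)->fw_proto = (p);               \
    (r)->fw_src = (s); (r)->fw_dst = (d);                                     \
    (r)->fw_sport[0] = (sp1); (r)->fw_sport[1] = (sp2);                       \
    (r)->fw_dport[0] = (dp1); (r)->fw_dport[1] = (dp2); } while (0)
typedef int (*fw_handler)(const struct fw_rule *, void *);
typedef struct fw_handle { struct fw_rule *rules; int n; } fw_t;
/* "a.b.c.d[/bits]" -> struct addr; returns 0 on success, -1 on failure. */
static int addr_pton(const char *src, struct addr *dst) {
    char buf[32], *slash; struct in_addr in;
    strncpy(buf, src, sizeof buf - 1); buf[sizeof buf - 1] = '\0';
    dst->addr_bits = 32;
    if ((slash = strchr(buf, '/')) != NULL) { *slash = '\0'; dst->addr_bits = (uint16_t)atoi(slash + 1); }
    if (inet_pton(AF_INET, buf, &in) != 1) return -1;
    dst->addr_ip = in.s_addr; return 0;
}
/* In-memory ruleset standing in for the kernel firewall. */
static fw_t *fw_open(void) { return calloc(1, sizeof(fw_t)); }
static int fw_add(fw_t *f, struct fw_rule *r) {
    struct fw_rule *p = realloc(f->rules, (size_t)(f->n + 1) * sizeof *p);
    if (p == NULL) return -1;
    f->rules = p; memcpy(&f->rules[f->n++], r, sizeof *r); return 0;
}
static int fw_delete(fw_t *f, struct fw_rule *r) {
    for (int i = 0; i < f->n; i++)
        if (memcmp(&f->rules[i], r, sizeof *r) == 0) {
            memmove(&f->rules[i], &f->rules[i + 1], (size_t)(f->n - i - 1) * sizeof *r);
            f->n--; return 0;
        }
    errno = ENOENT; return -1;              /* no such rule installed */
}
static int fw_loop(fw_t *f, fw_handler cb, void *arg) {   /* non-zero from cb stops the walk */
    for (int i = 0; i < f->n; i++) { int rc = cb(&f->rules[i], arg); if (rc != 0) return rc; }
    return 0;
}
static fw_t *fw_close(fw_t *f) { if (f != NULL) { free(f->rules); free(f); } return NULL; }
#endif

/* fw_loop() callback: count rules that block inbound traffic to q->port. */
struct port_query { uint16_t port; int matches; };
static int count_inbound_blocks(const struct fw_rule *r, void *arg) {
    struct port_query *q = arg;
    if (r->fw_op == FW_OP_BLOCK && r->fw_dir == FW_DIR_IN &&
        r->fw_dport[0] <= q->port && q->port <= r->fw_dport[1])
        q->matches++;
    return 0;                               /* keep walking the ruleset */
}

/* Number of inbound-block rules covering port, or -1 if fw_loop() failed. */
int inbound_blocks_for_port(fw_t *f, uint16_t port) {
    struct port_query q = { port, 0 };
    return fw_loop(f, count_inbound_blocks, &q) < 0 ? -1 : q.matches;
}

/* Install a rule blocking inbound TCP to port on dev from any source, count the
 * rules covering port while it is installed and after deleting it; 0 or -1. */
int block_port_roundtrip(const char *dev, uint16_t port, int *installed, int *removed) {
    struct addr any, host; struct fw_rule rule; fw_t *fw; int rc = -1;
    if (addr_pton("0.0.0.0/0", &any) < 0 || addr_pton("192.0.2.10/32", &host) < 0) return -1;
    if ((fw = fw_open()) == NULL) return -1;
    memset(&rule, 0, sizeof rule);          /* zero padding so fw_delete() can match it */
    fw_pack_rule(&rule, dev, FW_OP_BLOCK, FW_DIR_IN, IP_PROTO_TCP, any, host, 0, 65535, port, port);
    if (fw_add(fw, &rule) == 0) {
        *installed = inbound_blocks_for_port(fw, port);
        if (fw_delete(fw, &rule) == 0) { *removed = inbound_blocks_for_port(fw, port); rc = 0; }
    }
    if (rc < 0) perror("firewall operation failed");
    fw = fw_close(fw);                      /* returns NULL, as the text says */
    return rc;
}

int main(void) {
    int installed = 0, removed = 0;
    if (block_port_roundtrip("eth0", 23, &installed, &removed) < 0) return 1;
    printf("rules blocking inbound tcp/23: installed=%d after delete=%d\n", installed, removed);
    return 0;
}
```

Two details matter when this is run against a real firewall: fw_delete() matches on the whole rule, so the rule passed to it must be byte-for-byte what was added (hence the memset before packing), and the count taken through fw_loop() is what tells you the kernel actually accepted the rule, rather than fw_add() alone.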