[libdnet-devel] simple fw_add usage question
From: Rob <ca...@cs...> - 2005-08-18 18:38:06
Sorry for posting this here, but I've been through the docs and the
examples, and can't figure out what I'm doing wrong.
I am trying to add a simple deny firewall rule for Linux 2.6 with
iptables. fw_open() returns correctly, but fw_add() returns -1 and sets
error to "fw_add:: Protocol not available ".
I'm setting fr->fw_proto via:
    struct protoent *pr;                 /* resolve "tcp" to its IP protocol number */
    if ((pr = getprotobyname("tcp")) == NULL) {
        fprintf(stderr, "Failed to lookup protocol tcp : exiting\n");
        perror("getprotobyname");
        exit(1);
    }
    firewallrule.fw_proto = pr->p_proto;  /* 6 for TCP */
and verifying by hand that it is getting set to '6', which is correct.
Everything else I'm doing seems sane (code snippet below); does
anyone have any ideas?
TIA,
- Rob
------
    /* copy the interface name with a guaranteed NUL terminator
     * (strncpy with the full buffer length may leave none) */
    snprintf(firewallrule.fw_device, sizeof(firewallrule.fw_device), "%s", ctx->dev);
    firewallrule.fw_op = FW_OP_BLOCK;
    firewallrule.fw_dir = FW_DIR_IN;
    firewallrule.fw_proto = pr->p_proto;
    fprintf(stderr, "Looked up protocol %d for TCP\n", firewallrule.fw_proto);
    /* a libdnet struct addr needs its type and prefix length as well as the
     * IP; addr_bits left at 0 would make the address match as 0.0.0.0/0 */
    firewallrule.fw_dst.addr_type = ADDR_TYPE_IP;
    firewallrule.fw_dst.addr_bits = IP_ADDR_BITS;
    firewallrule.fw_dst.addr_ip = ctx->localIP;
    firewallrule.fw_dport[0] = 0;        /* whole destination port range */
    firewallrule.fw_dport[1] = 65535;
    firewallrule.fw_src.addr_type = ADDR_TYPE_IP;
    firewallrule.fw_src.addr_bits = IP_ADDR_BITS;
    firewallrule.fw_src.addr_ip = v->dstIP;
    firewallrule.fw_sport[0] = firewallrule.fw_sport[1] = v->dstPort;  /* single source port */
localIP and dstIP are u32's, ctx->dev is a char*, and dstPort is a u16;