man/orig/ng ipfw
From Xgu.ru
NG_IPFW(4) FreeBSD Kernel Interfaces Manual NG_IPFW(4)
NAME
ng_ipfw -- interface between netgraph and IP firewall
SYNOPSIS
#include <netinet/ip_var.h>
#include <netgraph/ng_ipfw.h>
DESCRIPTION
The ipfw node implements an interface between the ipfw(4) and netgraph(4) subsystems.
HOOKS
The ipfw node supports an arbitrary number of hooks, which must be named using only numeric characters.
OPERATION
Once the ng_ipfw module is loaded into the kernel, a single node named ipfw is automatically created. No more ipfw nodes can be created. Once destroyed, the only way to recreate the node is to reload the ng_ipfw module.
Packets can be injected into netgraph(4) using either the netgraph or ngtee commands of the ipfw(8) utility. These commands require a numeric cookie to be supplied as an argument. Packets are sent out of the hook whose name equals the cookie value. If no hook matches, packets are discarded. Packets injected via the netgraph command are tagged with struct ipfw_rule_ref. This tag contains information that helps the packet to re-enter ipfw(4) processing, should the packet come back from netgraph(4) to ipfw(4).
Packets received by a node from the netgraph(4) subsystem must be tagged with a struct ipfw_rule_ref tag. Packets re-enter IP firewall processing at the next rule. If no tag is supplied, packets are discarded.
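The following sketch is an added example, not part of the original manual page: it connects a netgraph node to a numeric hook on the ipfw node and then adds the ipfw(8) rule that feeds that hook. The peer node type (ng_netflow with its iface0 hook), the cookie 100, the rule number 1000 and the helper names run, valid_cookie and attach_ngtee are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the manual page): wire a netgraph node to the
# ipfw node and add the rule that sends packet copies to it.
# With DRY_RUN=1 the commands are printed instead of executed.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Hooks on the ipfw node must be named using only numeric characters,
# and the hook name must equal the cookie given in the ipfw rule.
valid_cookie() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# attach_ngtee COOKIE RULENUM
# Assumption: ng_netflow is the peer node, connected through its iface0 hook.
attach_ngtee() {
    cookie=$1
    rulenum=$2
    if ! valid_cookie "$cookie"; then
        echo "cookie '$cookie' is not numeric" >&2
        return 2
    fi
    # Loading ng_ipfw creates the single node named "ipfw".
    run kldload -n ng_ipfw || return 1
    run kldload -n ng_netflow || return 1
    # Create the hook before the rule: packets sent to a cookie with no
    # matching hook are discarded.
    run ngctl mkpeer ipfw: netflow "$cookie" iface0 || return 1
    # ngtee sends packets out of the hook named by the cookie.
    run ipfw add "$rulenum" ngtee "$cookie" ip from any to any || return 1
}

# Usage (as root on FreeBSD): attach_ngtee 100 1000
```
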
CONTROL MESSAGES
This node type supports only the generic control messages.
SHUTDOWN
This node shuts down upon receipt of a NGM_SHUTDOWN control message. Do not do this, since the new ipfw node can only be created by reloading the ng_ipfw module.
SEE ALSO
ipfw(4) • netgraph(4) • ipfw(8) • mbuf_tags(9)
HISTORY
The ipfw node type was implemented in FreeBSD 6.0.
AUTHORS
The ipfw node was written by Gleb Smirnoff <glebius@FreeBSD.org>.
FreeBSD 9.0 March 2, 2010 FreeBSD 9.0