sending pf firewall rules directly to /dev/pf using ioctl

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

Postby adam81 » Thu Oct 04, 2018 11:40 am

I'm searching for a way to add to my daemon process an option to configure the network
kernel module with some basic firewall capabilities (block per IP, port, protocol, direction combination).

This operation is pretty easy when done from the "pfctl" tool by setting up some proper
configuration files that describe the filtering rules.

For example, to block an IP address on any network interface in my setup
requires adding the string "block from any to <ip_addr>" to the file "/etc/pf.conf"
and reloading the firewall with "sudo pfctl -d" and then "sudo pfctl -e -f /etc/pf.conf".

But my goal is to do so directly from my process without the intermediation of pfctl.

So I've analyzed "pfctl" with dtrace and noticed that in order to configure these rules,
it first opens the character device "/dev/pf" and then sends its commands using "ioctl".

Perhaps someone has already reversed this tool and can let me know how I can translate "block from any to 0.0.0.0" into an ioctl command?

thanks,
adam81
Posts: 26
Joined: Mon Jan 25, 2016 9:26 am

Re: sending pf firewall rules directly to /dev/pf using ioct

Postby scknight » Thu Oct 04, 2018 12:55 pm

There's lots of useful information in the following FreeBSD man page.

https://www.freebsd.org/cgi/man.cgi?pf(4)
scknight
Posts: 38
Joined: Thu Nov 10, 2016 1:01 pm
