GSP
Quick Navigator
Search Site

Linux VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages

Manual Reference Pages  - NG_IPFW (4)

NAME
ng_ipfw - interface between netgraph and IP firewall

CONTENTS

Synopsis
Description
Hooks
Operation
Control Messages
Shutdown
See Also
History
Authors

SYNOPSIS

.In netgraph/ng_ipfw.h

DESCRIPTION
The ipfw node implements interface between ipfw(4) and netgraph(4) subsystems.

HOOKS
The ipfw node supports an arbitrary number of hooks, which must be named using only numeric characters.

OPERATION
Once the ng_ipfw module is loaded into the kernel, a single node named ipfw is automatically created. No more ipfw nodes can be created. Once destroyed, the only way to recreate the node is to reload the ng_ipfw module.

Packets can be injected into netgraph(4) using either the netgraph or ngtee commands of the ipfw(8) utility. These commands require a numeric cookie to be supplied as an argument. Packets are sent out of the hook whose name equals the cookie value. If no hook matches, packets are discarded. Packets injected via the netgraph command are tagged with
.Vt struct ng_ipfw_tag . This tag contains information that helps the packet to re-enter ipfw(4) processing, should the packet come back from netgraph(4) to ipfw(4). 

struct ng_ipfw_tag {
        struct m_tag    mt;             /* tag header */
        struct ip_fw    *rule;          /* matching rule */
        struct ifnet    *ifp;           /* interface, for ip_output */
        int             dir;            /* packet direction */
#define NG_IPFW_OUT     0
#define NG_IPFW_IN      1
        int             flags;          /* flags, for ip_output() */
};

Packets received by a node from netgraph(4) must be tagged with
.Vt struct ng_ipfw_tag tag. Packets re-enter IP firewall processing at the next rule. If no tag is supplied, packets are discarded.

CONTROL MESSAGES
This node type supports only the generic control messages.

SHUTDOWN
This node shuts down upon receipt of a NGM_SHUTDOWN control message. Do not do this, since the new ipfw node can only be created by reloading the ng_ipfw module.

SEE ALSO
ipfw(4), netgraph(4), ipfw(8), mbuf_tags(9)

HISTORY
The ipfw node type was implemented in
.Fx 6.0 .

AUTHORS
The ipfw node was written by
.An Gleb Smirnoff Aq glebius@FreeBSD.org .
Search for    or go to Top of page |  Section 4 |  Main Index

February 5, 2005 NG_IPFW (4)

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.