diff options
Diffstat (limited to 'static/freebsd/man4/ng_ipfw.4 3.html')
| -rw-r--r-- | static/freebsd/man4/ng_ipfw.4 3.html | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/static/freebsd/man4/ng_ipfw.4 3.html b/static/freebsd/man4/ng_ipfw.4 3.html new file mode 100644 index 00000000..d11fb748 --- /dev/null +++ b/static/freebsd/man4/ng_ipfw.4 3.html @@ -0,0 +1,89 @@ +<table class="head"> + <tr> + <td class="head-ltitle">NG_IPFW(4)</td> + <td class="head-vol">Device Drivers Manual</td> + <td class="head-rtitle">NG_IPFW(4)</td> + </tr> +</table> +<div class="manual-text"> +<section class="Sh"> +<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> +<p class="Pp"><code class="Nm">ng_ipfw</code> — + <span class="Nd">interface between netgraph and IP firewall</span></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> +<p class="Pp"><code class="In">#include + <<a class="In">netinet/ip_var.h</a>></code> + <br/> + <code class="In">#include + <<a class="In">netgraph/ng_ipfw.h</a>></code></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> +<p class="Pp">The <code class="Nm">ipfw</code> node implements interface between + <a class="Xr">ipfw(4)</a> and <a class="Xr">netgraph(4)</a> subsystems.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="HOOKS"><a class="permalink" href="#HOOKS">HOOKS</a></h1> +<p class="Pp">The <code class="Nm">ipfw</code> node supports an arbitrary number + of hooks, which must be named using only numeric characters.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="OPERATION"><a class="permalink" href="#OPERATION">OPERATION</a></h1> +<p class="Pp">Once the <code class="Nm">ng_ipfw</code> module is loaded into the + kernel, a single node named <var class="Va">ipfw</var> is automatically + created. No more <code class="Nm">ipfw</code> nodes can be created. Once + destroyed, the only way to recreate the node is to reload the + <code class="Nm">ng_ipfw</code> module.</p> +<p class="Pp">Packets can be injected into <a class="Xr">netgraph(4)</a> using + either the <code class="Cm">netgraph</code> or <code class="Cm">ngtee</code> + commands of the <a class="Xr">ipfw(8)</a> utility. These commands require a + numeric cookie to be supplied as an argument. Packets are sent out of the + hook whose name equals the cookie value. If no hook matches, packets are + discarded. Packets injected via the <code class="Cm">netgraph</code> command + are tagged with <var class="Vt">struct ipfw_rule_ref</var>. This tag + contains information that helps the packet to re-enter + <a class="Xr">ipfw(4)</a> processing, should the packet come back from + <a class="Xr">netgraph(4)</a> to <a class="Xr">ipfw(4)</a>.</p> +<p class="Pp">Packets received by a node from <a class="Xr">netgraph(4)</a> + subsystem must be tagged with <var class="Vt">struct ipfw_rule_ref</var> + tag. Packets re-enter IP firewall processing at the next rule. If no tag is + supplied, packets are discarded.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="CONTROL_MESSAGES"><a class="permalink" href="#CONTROL_MESSAGES">CONTROL + MESSAGES</a></h1> +<p class="Pp">This node type supports only the generic control messages.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="SHUTDOWN"><a class="permalink" href="#SHUTDOWN">SHUTDOWN</a></h1> +<p class="Pp">This node shuts down upon receipt of a + <code class="Dv">NGM_SHUTDOWN</code> control message. Do not do this, since + the new <code class="Nm">ipfw</code> node can only be created by reloading + the <code class="Nm">ng_ipfw</code> module.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE + ALSO</a></h1> +<p class="Pp"><a class="Xr">ipfw(4)</a>, <a class="Xr">netgraph(4)</a>, + <a class="Xr">ipfw(8)</a>, <a class="Xr">mbuf_tags(9)</a></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> +<p class="Pp">The <code class="Nm">ipfw</code> node type was implemented in + <span class="Ux">FreeBSD 6.0</span>.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> +<p class="Pp">The <code class="Nm">ipfw</code> node was written by + <span class="An">Gleb Smirnoff</span> + <<a class="Mt" href="mailto:glebius@FreeBSD.org">glebius@FreeBSD.org</a>>.</p> +</section> +</div> +<table class="foot"> + <tr> + <td class="foot-date">March 2, 2010</td> + <td class="foot-os">FreeBSD 15.0</td> + </tr> +</table> |