> No. ipchains controls the ipchains/ip_fw.c firewall. The register_firewall
> hooks are much more generic
And easy. Even with my skills it took only a few hours to make a loadable
firewall module that didn't crash the machine ;).
(had to remember to unregister it also *blush*)
This seems very much what I was looking for.
In case anyone is interested in how to make a module which will plug itself
into the firewall list, I have added a plain version to this mail.
The things I still have to check are whether I can send packets from
the module (I don't see why not) and at which level this firewall is
lurking. The priority number is not clear yet, etc.
But as far as I have understood, all routing (don't know about loopback)
will go through it.
Thank you (all) very much. :)
Janne P�nk�l�
/* [EMAIL PROTECTED] */
/*
 * check_package - shared inspection routine behind all three firewall hooks.
 *
 * ip:        IP header of the packet being examined.
 * dev_name:  name of the device the hook was called for.
 * redirport: passed through from the hook's `arg`; not used here.
 * direction: 0, 1 or 2, as passed by handle_fw_packet, handle_in_packet
 *            and handle_out_packet respectively; only logged.
 * skb:       socket buffer of the packet; skb->len bytes from skb->data
 *            are dumped when the packet matches.
 *
 * Always returns FW_SKIP, so this module only observes traffic and never
 * issues a verdict of its own (presumably the decision then falls to the
 * next firewall in the list - confirm against the kernel's call_*_firewall).
 */
int check_package(struct iphdr *ip,
                  const char *dev_name,
                  __u16 *redirport,
                  int direction,
                  struct sk_buff *skb)
{
    /*
     * Address being watched, compared against the header fields as stored.
     * NOTE(review): saddr/daddr are normally kept in network byte order, so
     * which dotted address this raw constant matches depends on the host's
     * endianness - confirm, and consider building the value with htonl().
     */
    const __u32 watched = 0x1f00000a;
    int involved = (ip->saddr == watched) || (ip->daddr == watched);

    if (!involved) {
        return FW_SKIP;
    }

    /*
     * Security note: this dumps the whole packet, payload included, to
     * wherever DEBUG/hexdump send their output (presumably the kernel log).
     * Anyone able to read that log then sees the traffic contents, and a
     * busy flow can flood it. Keep this to debugging builds or bound the
     * dumped length.
     */
    DEBUG(1,("device:%s direction %d\n",dev_name,direction));
    hexdump(0,skb->data,skb->len);
    return FW_SKIP;
}
/*
 * handle_fw_packet - hook installed in the "fw" slot of ip_my_firewall_ops.
 *
 * Forwards the header, device name, hook argument and socket buffer to
 * check_package() with direction 0 and returns its result. `this` and `pf`
 * are not used.
 *
 * NOTE(review): phdr is treated as an IP header without looking at pf; that
 * relies on the ops being registered for PF_INET only. dev and *pskb are
 * dereferenced unchecked - assumes the caller never passes NULL; confirm.
 */
int handle_fw_packet(struct firewall_ops *this,
                     int pf,
                     struct device *dev,
                     void *phdr,
                     void *arg,
                     struct sk_buff **pskb)
{
    struct iphdr *hdr = phdr;
    __u16 *port = arg;
    struct sk_buff *buf = *pskb;

    return check_package(hdr, dev->name, port, 0, buf);
}
/*
 * handle_in_packet - hook installed in the "in" slot of ip_my_firewall_ops.
 *
 * Forwards the header, device name, hook argument and socket buffer to
 * check_package() with direction 1 and returns its result. `this` and `pf`
 * are not used.
 *
 * NOTE(review): phdr is treated as an IP header without looking at pf, and
 * dev and *pskb are dereferenced unchecked - assumes the caller never
 * passes NULL; confirm.
 */
int handle_in_packet(struct firewall_ops *this,
                     int pf,
                     struct device *dev,
                     void *phdr,
                     void *arg,
                     struct sk_buff **pskb)
{
    struct iphdr *hdr = phdr;
    __u16 *port = arg;
    struct sk_buff *buf = *pskb;

    return check_package(hdr, dev->name, port, 1, buf);
}
/*
 * handle_out_packet - hook installed in the "out" slot of ip_my_firewall_ops.
 *
 * Forwards the header, device name, hook argument and socket buffer to
 * check_package() with direction 2 and returns its result. `this` and `pf`
 * are not used.
 *
 * NOTE(review): phdr is treated as an IP header without looking at pf, and
 * dev and *pskb are dereferenced unchecked - assumes the caller never
 * passes NULL; confirm.
 */
int handle_out_packet(struct firewall_ops *this,
                      int pf,
                      struct device *dev,
                      void *phdr,
                      void *arg,
                      struct sk_buff **pskb)
{
    struct iphdr *hdr = phdr;
    __u16 *port = arg;
    struct sk_buff *buf = *pskb;

    return check_package(hdr, dev->name, port, 2, buf);
}
/*
 * Hook table handed to register_firewall()/unregister_firewall() for PF_INET.
 * The initializer is positional, so it silently depends on the field order
 * of struct firewall_ops as declared in the kernel headers; a header change
 * would wire the hooks to the wrong slots without a compile error.
 */
struct firewall_ops ip_my_firewall_ops=
{
NULL, /* presumably the list link, filled in on registration - TODO confirm */
handle_fw_packet, /* fw slot: calls check_package with direction 0 */
handle_in_packet, /* in slot: calls check_package with direction 1 */
handle_out_packet, /* out slot: calls check_package with direction 2 */
PF_INET, /* protocol family; same value is passed to register_firewall() */
1 /* presumably the priority within the firewall list - TODO confirm how it orders against other firewalls */
};
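/*
 * init_module - module entry point; hooks ip_my_firewall_ops into the
 * PF_INET firewall list.
 *
 * Returns 0 on success. If register_firewall() fails, its negative result
 * is returned so that the module load is refused.
 */
int init_module(void)
{
    int rc;

    DEBUG(1,("initializing built at:%s num:%s\n",MOD_DATE,MOD_REV));

    rc = register_firewall(PF_INET, &ip_my_firewall_ops);
    if (rc < 0) {
        /*
         * Fail the load instead of calling panic(): a debugging module
         * that cannot register must not take the whole machine down.
         * Nothing was registered, so there is nothing to undo here.
         */
        printk(KERN_ERR "Unable to register IP firewall.\n");
        return rc;
    }

    return 0;
}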
/*
 * cleanup_module - module exit point; removes ip_my_firewall_ops from the
 * PF_INET firewall list.
 *
 * The unregister must happen before the module text goes away, otherwise
 * the firewall list would still point at the handle_*_packet hooks.
 * NOTE(review): the result of unregister_firewall() is ignored - confirm
 * it cannot fail in a way that leaves the hooks registered.
 */
void cleanup_module(void)
{
    DEBUG(1,("cleaning all up hopefully\n"));
    unregister_firewall(PF_INET, &ip_my_firewall_ops);
}