ip_fw.h revision 4036
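/*
 * Copyright (c) 1993 Daniel Boulet
 * Copyright (c) 1994 Ugen J.S.Antsilevich
 *
 * Redistribution and use in source forms, with and without modification,
 * are permitted provided that this entire comment appears intact.
 *
 * Redistribution in binary form may occur without any restrictions.
 * Obviously, it would be nice if you gave credit where credit is due
 * but requiring it would be too onerous.
 *
 * This software is provided ``AS IS'' without any warranties of any kind.
 */

/*
 * Format of an IP firewall descriptor
 *
 * src, dst, src_mask, dst_mask are always stored in network byte order.
 * flags and num_*_ports are stored in host byte order (of course).
 * Port numbers are stored in HOST byte order.
 *
 * This header includes nothing itself: u_short and struct in_addr must
 * already be declared by whoever includes it.
 */
#ifndef _IP_FW_H
#define _IP_FW_H

/*
 * One firewall rule, linked into a chain through `next'.
 *
 * NOTE(review): nothing in this header enforces the limits described
 * below.  The control options further down are documented as
 * [gs]etsockopt options, so code that accepts a descriptor from a caller
 * should check that flags has no bits outside IP_FIREWALL_FLAG_BITS and
 * that num_src_ports + num_dst_ports <= IP_FIREWALL_MAX_PORTS before it
 * indexes ports[].
 */
struct ip_firewall {
	struct ip_firewall *next;		/* Next firewall on chain */
	struct in_addr src, dst;		/* Source and destination IP addr */
	struct in_addr src_mask, dst_mask;	/* Mask for src and dest IP addr */
	u_short flags;				/* Kind + option bits, see below */

/*
 * The low two bits of flags hold the firewall kind as a number (0..3),
 * not as independent bits; isolate it with IP_FIREWALL_KIND.
 */
#define IP_FIREWALL_UNIVERSAL	0	/* This is a universal packet firewall */
#define IP_FIREWALL_TCP		1	/* This is a TCP packet firewall */
#define IP_FIREWALL_UDP		2	/* This is a UDP packet firewall */
#define IP_FIREWALL_ICMP	3	/* This is an ICMP packet firewall */
#define IP_FIREWALL_KIND	3	/* Mask to isolate firewall kind */

/* The remaining values are single-bit options. */
#define IP_FIREWALL_ACCEPT	4	/* This is an accept firewall (as
					 * opposed to a deny firewall)
					 */
#define IP_FIREWALL_SRC_RANGE	8	/* The first two src ports are a min
					 * and max range (stored in host byte
					 * order).
					 */
#define IP_FIREWALL_DST_RANGE	16	/* The first two dst ports are a min
					 * and max range (stored in host byte
					 * order).
					 * (ports[0] <= port <= ports[1])
					 * NOTE(review): for dst ports the
					 * indices are presumably relative to
					 * the start of the dst ports inside
					 * ports[] -- confirm against the
					 * matching code.
					 */
#define IP_FIREWALL_PRINT	32	/* In verbose mode print this firewall */

/*
 * All possible flag bits (= 0x3f).
 *
 * This used to be the literal 0x2f, which leaves out
 * IP_FIREWALL_DST_RANGE (16): 3 + 4 + 8 + 32 = 0x2f.  Any check of the
 * form (flags & ~IP_FIREWALL_FLAG_BITS) would then treat a destination
 * port range as an undefined bit.  Building the mask from the flags
 * themselves keeps it in step with the definitions above.
 */
#define IP_FIREWALL_FLAG_BITS \
	(IP_FIREWALL_KIND | IP_FIREWALL_ACCEPT | IP_FIREWALL_SRC_RANGE | \
	 IP_FIREWALL_DST_RANGE | IP_FIREWALL_PRINT)

	u_short num_src_ports, num_dst_ports;	/* # of src ports and # of dst ports
						 * in ports array (dst ports follow
						 * src ports; max of 10 ports in all;
						 * count of 0 means match all ports)
						 */
#define IP_FIREWALL_MAX_PORTS	10	/* A reasonable maximum */
	u_short ports[IP_FIREWALL_MAX_PORTS];	/* Array of port numbers to match */
};

/*
 * New IP firewall options for [gs]etsockopt at the RAW IP level.
 *
 * The option numbers are consecutive, starting at IP_FW_BASE_CTL.  The
 * _BLK / _FWD suffixes presumably select the blocking and forwarding
 * chains declared below -- confirm against the option handler.
 */
#define IP_FW_BASE_CTL	53

#define IP_FW_ADD_BLK	(IP_FW_BASE_CTL)
#define IP_FW_ADD_FWD	(IP_FW_BASE_CTL+1)
#define IP_FW_CHK_BLK	(IP_FW_BASE_CTL+2)
#define IP_FW_CHK_FWD	(IP_FW_BASE_CTL+3)
#define IP_FW_DEL_BLK	(IP_FW_BASE_CTL+4)
#define IP_FW_DEL_FWD	(IP_FW_BASE_CTL+5)
#define IP_FW_FLUSH	(IP_FW_BASE_CTL+6)
#define IP_FW_POLICY	(IP_FW_BASE_CTL+7)


/* Heads of the two rule chains and the policy value; defined elsewhere. */
extern struct ip_firewall *ip_fw_blk_chain;
extern struct ip_firewall *ip_fw_fwd_chain;
extern int ip_fw_policy;

#endif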