ip_fw.h revision 4036
1/*
2 * Copyright (c) 1993 Daniel Boulet
3 * Copyright (c) 1994 Ugen J.S.Antsilevich
4 *
5 * Redistribution and use in source forms, with and without modification,
6 * are permitted provided that this entire comment appears intact.
7 *
8 * Redistribution in binary form may occur without any restrictions.
9 * Obviously, it would be nice if you gave credit where credit is due
10 * but requiring it would be too onerous.
11 *
12 * This software is provided ``AS IS'' without any warranties of any kind.
13 */
14
15/*
16 * Format of an IP firewall descriptor
17 *
18 * src, dst, src_mask, dst_mask are always stored in network byte order.
19 * flags and num_*_ports are stored in host byte order (of course).
20 * Port numbers are stored in HOST byte order.
21 */
22#ifndef _IP_FW_H
23#define _IP_FW_H
24
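struct ip_firewall {
    struct ip_firewall *next;		/* Next firewall on chain */
    struct in_addr src, dst;		/* Source and destination IP addr
					 * (network byte order) */
    struct in_addr src_mask, dst_mask;	/* Mask for src and dest IP addr
					 * (network byte order) */
    u_short flags;			/* IP_FIREWALL_* bits below
					 * (host byte order) */
#define IP_FIREWALL_UNIVERSAL	0	/* This is a universal packet firewall*/
#define IP_FIREWALL_TCP		1	/* This is a TCP packet firewall */
#define IP_FIREWALL_UDP		2	/* This is a UDP packet firewall */
#define IP_FIREWALL_ICMP	3	/* This is a ICMP packet firewall */
#define IP_FIREWALL_KIND	3	/* Mask to isolate firewall kind
					 * (the two low bits; ICMP uses both,
					 * so it is a value, not a flag) */
#define IP_FIREWALL_ACCEPT	4	/* This is an accept firewall (as
					 * opposed to a deny firewall) */
#define IP_FIREWALL_SRC_RANGE	8	/* The first two src ports are a min
					 * and max range (stored in host byte
					 * order).
					 */
#define IP_FIREWALL_DST_RANGE	16	/* The first two dst ports are a min
					 * and max range (stored in host byte
					 * order).
					 * (ports[0] <= port <= ports[1])
					 */
#define IP_FIREWALL_PRINT	32	/* In verbose mode print this firewall */
/*
 * All possible flag bits.  Built from the definitions above instead of being
 * written as a literal so the mask cannot drift from the flag set: the old
 * literal 0x2f left out IP_FIREWALL_DST_RANGE (16), so any validation that
 * masks a user-supplied flags word with this value would have treated a
 * destination-port-range rule as carrying an unknown bit.  Value is 0x3f.
 */
#define IP_FIREWALL_FLAG_BITS	(IP_FIREWALL_KIND | IP_FIREWALL_ACCEPT | \
				 IP_FIREWALL_SRC_RANGE | IP_FIREWALL_DST_RANGE | \
				 IP_FIREWALL_PRINT)
    u_short num_src_ports, num_dst_ports;/* # of src ports and # of dst ports */
    					/* in ports array (dst ports follow */
    					/* src ports; max of 10 ports in all; */
    					/* count of 0 means match all ports) */
#define IP_FIREWALL_MAX_PORTS	10	/* A reasonable maximum; bounds ports[]
					 * and therefore num_src_ports +
					 * num_dst_ports */
    u_short ports[IP_FIREWALL_MAX_PORTS]; /* Array of port numbers to match
					  * (host byte order) */
};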
55
56/*
57 * New IP firewall options for [gs]etsockopt at the RAW IP level.
58 */
#define IP_FW_BASE_CTL	53		/* First option number; the others are
					 * offsets from it, so keep them dense */

/*
 * Option names.  The BLK / FWD suffixes presumably select the
 * ip_fw_blk_chain / ip_fw_fwd_chain declared below — confirm in ip_fw.c.
 * ADD/DEL take a struct ip_firewall; CHK, FLUSH and POLICY are not
 * documented here — check the implementation for their argument type.
 */
#define IP_FW_ADD_BLK (IP_FW_BASE_CTL)
#define IP_FW_ADD_FWD (IP_FW_BASE_CTL+1)
#define IP_FW_CHK_BLK (IP_FW_BASE_CTL+2)
#define IP_FW_CHK_FWD (IP_FW_BASE_CTL+3)
#define IP_FW_DEL_BLK (IP_FW_BASE_CTL+4)
#define IP_FW_DEL_FWD (IP_FW_BASE_CTL+5)
#define IP_FW_FLUSH   (IP_FW_BASE_CTL+6)
#define IP_FW_POLICY  (IP_FW_BASE_CTL+7)	/* Sets ip_fw_policy (below) */
69
70
extern struct ip_firewall *ip_fw_blk_chain;	/* Head of the "blk" rule chain */
extern struct ip_firewall *ip_fw_fwd_chain;	/* Head of the "fwd" rule chain */
extern int ip_fw_policy;			/* Set via IP_FW_POLICY; presumably
						 * the verdict when no rule matches
						 * — confirm in ip_fw.c */
74
75#endif
76