Article: Exploring the Mac OS X Firewall
Subject: name resolution
Date: 2005-07-15 14:58:57
From: ruy_lopez
Response to: edit or create?

Anyone any ideas for adding name resolution to the checkfw.pl script. I think it would be a good enhancement.
Showing messages 1 through 2 of 2.
- name resolution
  2005-07-23 07:05:17 peterhickman
- name resolution
  2005-07-25 08:35:21 ruy_lopez
Thanks Peter for the push in the right direction. I now post (for any who are interested) the resulting amendments to achieve name resolution AND IP data for each ipfw.log event. The result (after a bit of hammering) is the inclusion of these lines:
    # obviously include: use Socket; at the top, then:
    # look for this part of the original script.
            printf( "%21s %s %21s : %8d : %8d\n",
                $inside,
                $direction,
                $outside,
                $data{$k}->{in}  || 0,
                $data{$k}->{out} || 0 );
    # and in line with the indents append (or rather insert after the above) the following:
            my ( $inaddress, $inport ) = split( ':', $inside );
            my $iaddr  = inet_aton("$inaddress");
            my $namein = gethostbyaddr( $iaddr, AF_INET );
            my ( $outaddress, $outport ) = split( ':', $outside );
            my $oaddr   = inet_aton("$outaddress");
            my $nameout = gethostbyaddr( $oaddr, AF_INET );
            if ( defined($namein) ) {
                $namein = $namein;
            } else {
                $namein = "unresolved";
            }
            if ( defined($nameout) ) {
                $nameout = $nameout;
            } else {
                $nameout = "unresolved";
            }
            printf( "%21s %s %21s\n",
                $namein,
                $direction,
                $nameout );
            print "\n";
    # now the original script continues with these lines:
        }
        print "\n";
    }
I warn you that this runs in a rather dirty spluttering manner but should work without errors.
I'm not sure that I'll use it too much but I'm considering using it for daily crontab emailing (I've already changed ipfw from weekly to daily in /etc/periodical), so I get an email of all the addresses and names that ipfw has encountered during the day.
Also, I'm sure the above could be simplified but my Perl skills are not yet up to the task.

    use Socket;

at the top with the other use statements, and then when you are about to print out the address do something like the following.

    my $iaddr = inet_aton("211.22.171.213");
    my $name = gethostbyaddr($iaddr, AF_INET);
    print "$name\n";

However I find the raw IP addresses best as I can just drop them into my firewall.
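
A reworking of the lookup discussed in this thread, added here as an example (not code from either poster or from checkfw.pl): it looks each address up once and reports a reverse-DNS name as confirmed only when that name resolves back to the same address. The helper name resolve_ip, the loopback sample pairs and the `<->` separator are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa AF_INET);

my %cache;    # each unique address is looked up once per run

# resolve_ip is a hypothetical helper name, not part of checkfw.pl.
# It returns the PTR name only when that name resolves back to the same
# address; otherwise the name is kept but marked, since whoever controls
# the reverse zone chooses what a PTR record says.
sub resolve_ip {
    my ($ip) = @_;
    return $cache{$ip} if exists $cache{$ip};

    my $label = 'unresolved';
    # Dotted quads only: inet_aton would otherwise try a forward lookup.
    my $packed = $ip =~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/ ? inet_aton($ip) : undef;
    if ( defined $packed ) {
        my $name = gethostbyaddr( $packed, AF_INET );
        if ( defined $name ) {
            # gethostbyname in list context: elements 4.. are packed addresses.
            my @fwd   = gethostbyname($name);
            my %addrs = map { ( inet_ntoa($_), 1 ) }
                        grep { length($_) == 4 } @fwd[ 4 .. $#fwd ];
            $label = $addrs{ inet_ntoa($packed) } ? $name : "$name (unconfirmed)";
        }
    }
    return $cache{$ip} = $label;
}

# Constructed sample pairs in the "address:port" form the thread's code splits on.
my @pairs = (
    [ '127.0.0.1:631', '127.0.0.1:49152' ],
    [ 'not-an-ip:80',  '127.0.0.1:22' ],
);
for my $pair (@pairs) {
    my ( $in_name, $out_name ) = map { resolve_ip( ( split /:/ )[0] ) } @$pair;
    # "<->" stands in for the script's $direction value.
    printf "%21s <-> %21s\n%21s <-> %21s\n\n", @$pair, $in_name, $out_name;
}
```

The cache matters for a daily cron report, where the same peer address can appear on many log lines and each uncached lookup may block on DNS.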