Exploring the Mac OS X Firewall
Subject:   name resolution
Date:   2005-07-15 14:58:57
From:   ruy_lopez
Response to: edit or create?

Anyone any ideas for adding name resolution to the script. I think it would be a good enhancement.

All worked flawlessly by the way.

Nice article.

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • name resolution
    2005-07-23 07:05:17  peterhickman [View]

    The code to do this, taken from perldoc -f gethostbyaddr, would be something along the lines of this, put

    use Socket;

    at the top with the other use statements, and then when you are about to print out the address do sothing like the following.

    my $iaddr = inet_aton("");
    my $name = gethostbyaddr($iaddr, AF_INET);
    print "$name\n";

    However I find the raw IP addresses best as I can just drop them into my firewall.
    • name resolution
      2005-07-25 08:35:21  ruy_lopez [View]

      Thanks Peter for the push in the right direction. I now post (for any who are interested) the resulting ammendments to achieve name resolution AND ip data for each ipfw.log event. The result (after a bit of hammering) is the inclusion of these lines:

      # obviously include: use Socket; at the top, then:

      #look for this part of original script.

      printf( "%21s %s %21s : %8d : %8d\n",
      $data{$k}->{in} || 0,
      $data{$k}->{out} || 0 );

      # and in line with the indents apend ( or rather insert after the above ) the following :

      my ( $inaddress, $inport ) = split( ':' ,
      $inside );
      my $iaddr = inet_aton("$inaddress");
      my $namein = gethostbyaddr($iaddr,AF_INET);
      my ( $outaddress, $outport ) = split( ':' , $outside );
      my $oaddr = inet_aton("$outaddress");
      my $nameout = gethostbyaddr($oaddr,AF_INET);
      if ( defined($namein) ) {
      $namein = $namein;
      } else {
      $namein = "unresolved";
      if ( defined($nameout) ) {
      $nameout = $nameout;
      } else {
      $nameout = "unresolved";
      printf( "%21s %s %21s\n",
      $nameout );
      print "\n";

      # now the original script continues with these lines:

      print "\n";

      I warn you that this runs in a rather dirty spluttering manner but should work without errors.

      I'm not sure that I'll use it too much but I'm considering using it for daily crontab emailing (I've already changed ipfw from weekly to daily in /etc/periodical), so I get an email of all the addresses and names that ipfw has encountered during the day.

      Also, I'm sure the above could be simplified but my perl skills are not yet up to the task.