Exploring the Mac OS X Firewall
Subject:   name resolution
Date:   2005-07-23 07:05:17
From:   peterhickman
Response to: name resolution

The code to do this, taken from perldoc -f gethostbyaddr, would be something along the lines of this: put

use Socket;

at the top with the other use statements, and then when you are about to print out the address do something like the following.

my $iaddr = inet_aton("");
my $name = gethostbyaddr($iaddr, AF_INET);
print "$name\n";

However I find the raw IP addresses best as I can just drop them into my firewall.


  • name resolution
    2005-07-25 08:35:21  ruy_lopez

    Thanks Peter for the push in the right direction. I now post (for any who are interested) the resulting amendments to achieve name resolution AND IP data for each ipfw.log event. The result (after a bit of hammering) is the inclusion of these lines:

    # obviously include: use Socket; at the top, then:

    #look for this part of original script.

    printf( "%21s %s %21s : %8d : %8d\n",
    $data{$k}->{in} || 0,
    $data{$k}->{out} || 0 );

    # and in line with the indents append ( or rather insert after the above ) the following :

    my ( $inaddress, $inport ) = split( ':', $inside );
    my $iaddr = inet_aton("$inaddress");
    my $namein = gethostbyaddr( $iaddr, AF_INET );
    my ( $outaddress, $outport ) = split( ':', $outside );
    my $oaddr = inet_aton("$outaddress");
    my $nameout = gethostbyaddr( $oaddr, AF_INET );
    # gethostbyaddr returns undef when there is no reverse record
    if ( defined($namein) ) {
        $namein = $namein;
    } else {
        $namein = "unresolved";
    }
    if ( defined($nameout) ) {
        $nameout = $nameout;
    } else {
        $nameout = "unresolved";
    }
    printf( "%21s %s %21s\n",
    $nameout );
    print "\n";

    # now the original script continues with these lines:

    print "\n";

    I warn you that this runs in a rather dirty spluttering manner but should work without errors.

    I'm not sure that I'll use it too much but I'm considering using it for daily crontab emailing (I've already changed ipfw from weekly to daily in /etc/periodical), so I get an email of all the addresses and names that ipfw has encountered during the day.

    Also, I'm sure the above could be simplified but my perl skills are not yet up to the task.
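
A self-contained variant of the lookup discussed in this thread, added here as an example and not code from either poster or from the original script: it resolves each address once and accepts a name only if that name resolves back to the same address, because a PTR record is set by whoever controls the address block. The log lines are constructed samples, and the `resolve` helper and the assumed `ipfw:` line layout are illustrative.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa AF_INET);

my %cache;    # one lookup per address, however often it appears in the log

# Return the reverse name for an IPv4 address, "unresolved" if there is none,
# or "name (unverified)" if the name does not resolve back to the address.
sub resolve {
    my ($ip) = @_;
    return $cache{$ip} if exists $cache{$ip};
    my $packed = inet_aton($ip);
    my $name = defined $packed ? gethostbyaddr( $packed, AF_INET ) : undef;
    # Reject names with characters outside the hostname set before printing them.
    return $cache{$ip} = 'unresolved'
        unless defined $name && $name =~ /\A[A-Za-z0-9._-]+\z/;
    # Forward-confirm: elements 4 and up of gethostbyname are packed addresses.
    my @fwd   = gethostbyname($name);
    my @addrs = map { inet_ntoa($_) } grep { length($_) == 4 } @fwd[ 4 .. $#fwd ];
    my $ok    = grep { $_ eq $ip } @addrs;
    return $cache{$ip} = $ok ? $name : "$name (unverified)";
}

# Constructed sample lines; layout assumed to be
# "ipfw: <rule> <action> <proto> <src:port> <dst:port> <dir> via <if>".
my @log = (
    'Jul 23 07:05:17 mac ipfw: 12190 Deny TCP 192.0.2.10:4321 127.0.0.1:22 in via en0',
    'Jul 23 07:05:19 mac ipfw: 12190 Deny UDP 198.51.100.7:53 127.0.0.1:1029 in via en0',
    'Jul 23 07:05:20 mac last message repeated 2 times',
);

for my $line (@log) {
    # Strict pattern: only dotted quads and numeric ports reach the resolver.
    next unless $line =~ m{ipfw: \s+ \d+ \s+ (\w+) \s+ (\w+) \s+
        (\d{1,3}(?:\.\d{1,3}){3}):(\d+) \s+ (\d{1,3}(?:\.\d{1,3}){3}):(\d+)}x;
    my ( $action, $proto, $src, $sport, $dst, $dport ) = ( $1, $2, $3, $4, $5, $6 );
    printf "%-5s %-4s %21s -> %-21s\n", $action, $proto, "$src:$sport", "$dst:$dport";
    printf "%10s %21s -> %-21s\n", '', resolve($src), resolve($dst);
}
```

The documentation-range addresses in the sample have no reverse records, so they print as unresolved, while 127.0.0.1 normally resolves from the local hosts file.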