Exploring the Mac OS X Firewall
Subject:   name resolution
Date:   2005-07-25 08:35:21
From:   ruy_lopez
Response to: name resolution

Thanks Peter for the push in the right direction. I now post (for any who are interested) the resulting amendments to achieve name resolution AND IP data for each ipfw.log event. The result (after a bit of hammering) is the inclusion of these lines:

# obviously include: use Socket; at the top, then:

#look for this part of original script.

printf( "%21s %s %21s : %8d : %8d\n",
$data{$k}->{in} || 0,
$data{$k}->{out} || 0 );

# and in line with the indents append ( or rather insert after the above ) the following :

my ( $inaddress, $inport ) = split( ':' , $inside );
my $iaddr = inet_aton("$inaddress");
my $namein = gethostbyaddr($iaddr,AF_INET);
my ( $outaddress, $outport ) = split( ':' , $outside );
my $oaddr = inet_aton("$outaddress");
my $nameout = gethostbyaddr($oaddr,AF_INET);
# fall back to a fixed label when the reverse lookup returns nothing
if ( defined($namein) ) {
    $namein = $namein;
} else {
    $namein = "unresolved";
}
if ( defined($nameout) ) {
    $nameout = $nameout;
} else {
    $nameout = "unresolved";
}
# second row: resolved names under the two address columns
printf( "%21s %s %21s\n",
    $namein,
    "",    # middle column left blank on the name row
    $nameout );
print "\n";

# now the original script continues with these lines:

print "\n";

I warn you that this runs in a rather dirty spluttering manner but should work without errors.

I'm not sure that I'll use it too much but I'm considering using it for daily crontab emailing (I've already changed ipfw from weekly to daily in /etc/periodical), so I get an email of all the addresses and names that ipfw has encountered during the day.

Also, I'm sure the above could be simplified but my Perl skills are not yet up to the task.
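
A stand-alone version of the same idea, added here as an example; it is not the poster's code or the article's script. It caches each lookup so an address is resolved only once per run, and filters the returned name, since a PTR record is set by whoever controls the reverse zone. The `resolve` helper, the log-line layout and the sample lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton AF_INET);

my %cache;    # address -> name, so each address costs one lookup per run

# Reverse-resolve an IPv4 address; return "unresolved" on any failure.
sub resolve {
    my ($address) = @_;
    return $cache{$address} if exists $cache{$address};
    my $packed = inet_aton($address);
    my $name = defined $packed ? gethostbyaddr( $packed, AF_INET ) : undef;
    # The PTR answer is untrusted input: keep it only if it consists of
    # hostname characters, so nothing else reaches a terminal or an e-mail.
    $name = undef if defined $name && $name !~ /\A[A-Za-z0-9._-]{1,253}\z/;
    return $cache{$address} = defined $name ? $name : 'unresolved';
}

# Constructed sample lines (assumed ipfw.log layout, documentation addresses).
my @log = (
    'Jul 25 08:30:01 mac ipfw: 12190 Deny TCP 192.0.2.10:4532 127.0.0.1:80 in via en0',
    'Jul 25 08:30:02 mac ipfw: 12190 Deny TCP 192.0.2.10:4533 127.0.0.1:80 in via en0',
    'Jul 25 08:31:17 mac ipfw: 12190 Deny UDP 198.51.100.7:137 127.0.0.1:137 in via en0',
);

for my $line (@log) {
    # rule number, action, protocol, source, destination, direction
    next unless $line =~ /ipfw: \d+ \S+ \S+ (\S+) (\S+) (in|out)\b/;
    my ( $src, $dst, $dir ) = ( $1, $2, $3 );
    my ($srcaddr) = split /:/, $src;    # drop the port, if any
    my ($dstaddr) = split /:/, $dst;
    printf "%21s %-3s %21s\n", $src, $dir, $dst;
    printf "%21s %-3s %21s\n\n", resolve($srcaddr), '', resolve($dstaddr);
}
```

A name that passes the filter is still only what the reverse zone claims; treat it as a hint next to the logged address, not as the identity of the host.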