+// === TYPES ===
+typedef struct sKeyValue tKeyValue;
+typedef struct sFirewallMod tFirewallMod;
+typedef struct sModuleRule tModuleRule;
+typedef struct sRule tRule;
+typedef struct sChain tChain;
+
+// === STRUCTURES ===
+struct sKeyValue
+{
+ const char *Key;
+ const char *Value;
+};
+
+struct sFirewallMod
+{
+ const char *Name;
+
+ int (*Match)(tModuleRule *Rule, int AddrType,
+ const void *Src, const void *Dest,
+ Uint8 Type, Uint32 Flags,
+ size_t Length, const void *Data);
+
+ tModuleRule *(*Create)(tKeyValue *Params);
+};
+
+struct sModuleRule
+{
+ tModuleRule *Next;
+
+ tFirewallMod *Mod;
+
+ char Data[];
+};
+
+struct sRule
+{
+ tRule *Next;
+
+ int PacketCount; // Number of packets seen
+ int ByteCount; // Number of bytes seen (IP Payload bytes)
+
+ int bInvertSource; // Boolean NOT flag on source
+ void *Source; // Source address bytes
+ int SourceMask; // Source address mask bits
+
+ int bInvertDest; // Boolean NOT flag on destination
+ void *Dest; // Destination address bytes
+ int DestMask; // Destination address mask bits
+
+ tModuleRule *Modules; // Modules loaded for this rule
+
+ char Target[]; // Target rule name
+};
+
+struct sChain
+{
+ tChain *Next;
+
+ tRule *FirstRule;
+ tRule *LastRule;
+
+ char Name[];
+};
+
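Review bot: In `struct sRule`, `SourceMask` and `DestMask` are signed `int` and `Source`/`Dest` are bare `void *`, so nothing in the rule records how many address bytes those pointers cover. The matching code is not in this hunk, but any routine that applies the mask has to trust that it is non-negative and no wider than the address buffer, otherwise the comparison reads past the allocation. I would make the masks unsigned and state the invariant at the field, e.g. `Uint8 SourceMask; // Prefix length in bits, must be <= 8 * address length`, and have rule creation reject larger values. Separately, `PacketCount` and `ByteCount` are signed `int`: a byte counter passes `INT_MAX` after 2 GiB of traffic and signed overflow is undefined, so an unsigned type such as `Uint32` (or a 64-bit unsigned type if the tree provides one) with documented wrap-around is the safer choice.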