misc/103328: suggestions about ipfw table
João Rocha Braga Filho
goffredo at gmail.com
Sun Sep 17 08:40:26 PDT 2006
>Number: 103328
>Category: misc
>Synopsis: suggestions about ipfw table
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Sep 17 15:40:23 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: João Rocha Braga Filho
>Release: 6.1
>Organization:
Paratyinfo
>Environment:
>Description:
Why not a struct? Something like this:
tablearg
tablearg_2
tablearg_MAC_1
tablearg_MAC_2
tablearg_IP_2
It can be used like this:
ipfw pipe 110 config mask src-ip 0xffffffff bw 64Kbit/s queue 10Kbytes
ipfw pipe 112 config mask src-ip 0xffffffff bw 256Kbit/s queue 40Kbytes
ipfw pipe 210 config mask dst-ip 0xffffffff bw 64Kbit/s queue 10Kbytes
ipfw pipe 212 config mask dst-ip 0xffffffff bw 256Kbit/s queue 40Kbytes
...
ipfw table 1 add 192.168.2.2 110 210 00:01:02:03:04:05
ipfw table 1 add 192.168.0.2 112 212 00:03:04:05:06:07
...
ipfw add pipe tablearg ip from table(1) to any MAC any tablearg_MAC_1
ipfw add pipe tablearg_2 ip from any to table(1) MAC tablearg_MAC_1 any
...
ipfw add deny ip from any to any
It can help against IP spoofing and with limiting traffic.
Thanks,
João Rocha.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
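
The following is an added example, not part of the report and not ipfw code: a small Python model of how the three proposed rules would classify packets if a table row carried several values. The field names, the `classify` function, the sample packets, exact-host matching only, and first-match-wins evaluation are assumptions made for illustration.

```python
from typing import NamedTuple

class Entry(NamedTuple):
    """One row of the proposed multi-value table (field names are hypothetical)."""
    tablearg: int        # pipe for traffic sent by the host
    tablearg_2: int      # pipe for traffic sent to the host
    tablearg_mac_1: str  # MAC address bound to the host's IP

# Rows taken from the report's "ipfw table 1 add ..." lines.
TABLE_1 = {
    "192.168.2.2": Entry(110, 210, "00:01:02:03:04:05"),
    "192.168.0.2": Entry(112, 212, "00:03:04:05:06:07"),
}

class Packet(NamedTuple):
    src_ip: str
    dst_ip: str
    src_mac: str
    dst_mac: str

def classify(pkt: Packet, table=TABLE_1) -> str:
    """Evaluate the report's three rules in order; the first match decides."""
    # pipe tablearg ip from table(1) to any MAC any tablearg_MAC_1
    # (ipfw's MAC option takes the destination MAC first, then the source MAC)
    entry = table.get(pkt.src_ip)
    if entry and pkt.src_mac.lower() == entry.tablearg_mac_1:
        return f"pipe {entry.tablearg}"
    # pipe tablearg_2 ip from any to table(1) MAC tablearg_MAC_1 any
    entry = table.get(pkt.dst_ip)
    if entry and pkt.dst_mac.lower() == entry.tablearg_mac_1:
        return f"pipe {entry.tablearg_2}"
    # deny ip from any to any
    return "deny"

# Constructed sample packets: outbound, spoofed source IP, inbound, unknown host.
SAMPLES = [
    Packet("192.168.2.2", "203.0.113.9", "00:01:02:03:04:05", "aa:bb:cc:00:00:01"),
    Packet("192.168.2.2", "203.0.113.9", "00:0c:0c:0c:0c:0c", "aa:bb:cc:00:00:01"),
    Packet("203.0.113.9", "192.168.0.2", "aa:bb:cc:00:00:01", "00:03:04:05:06:07"),
    Packet("10.9.9.9", "203.0.113.9", "00:0d:0d:0d:0d:0d", "aa:bb:cc:00:00:01"),
]

def run_samples():
    """Return the verdict for each constructed sample packet."""
    return [classify(p) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(pkt.src_ip, "->", pkt.dst_ip, verdict)
```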