ipfw prefix-list support request
Dmitry Sergienko
trooper+freebsd+ipfw at email.dp.ua
Mon May 17 06:42:10 PDT 2004
Hi!
I'm thinking about external prefix-lists in ipfw. This is like
prefix-lists in Cisco IOS or tables in OpenBSD pf.
In my opinion it will be very convenient to do the following:
# use prefix-list
ipfw add 100 allow ip from prefix-list goodcustomers to any
// add prefixes to prefix-list
#ipfw prefix-list goodcustomers add 10.0.0.0/24
ipfw prefix-list goodcustomers add 10.0.1.0/30
ipfw prefix-list goodcustomers add 10.0.1.5
// list prefixes in prefix-list
#ipfw prefix-list goodcustomers list
10.0.0.0/24 (5 matches)
10.0.1.0/24
// clear counters in prefix-list
#ipfw prefix-list goodcustomers zero
// show all available prefix-lists
#ipfw prefix-list show
good-customers
// delete items from prefix-list
#ipfw prefix-list goodcustomers delete 10.0.0.0/24
// delete all items from prefix-list
#ipfw prefix-list goodcustomers flush
The main advantage is to maintain list of prefixes separately from
rule, without tweaking the rule.
Current syntax in ipfw2 doesn't allow to do this (or have I missed
something?).
Please tell your opinion about this feature, is it really will be useful
not only for me? If so, we will try to implement this.
--
Best wishes,
Dmitry Sergienko (SDA104-RIPE)
Trifle Co., Ltd.
More information about the freebsd-ipfw
mailing list