ipfw prefix-list support request
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon May 17 07:17:36 PDT 2004
On Mon, 17 May 2004, Dmitry Sergienko wrote:
> I'm thinking about external prefix-lists in ipfw. This is like
> prefix-lists in Cisco IOS or tables in OpenBSD pf.
> In my opinion it will be very convenient to do the following:
also sound like chains ?
...
> The main advantage is to maintain list of prefixes separately from
> rule, without tweaking the rule.
> Current syntax in ipfw2 doesn't allow to do this (or have I missed
> something?).
>
> Please tell your opinion about this feature, is it really will be useful
> not only for me? If so, we will try to implement this.
use ipfw -p
p.ex. with m4 you can do
define(`goodcustomers',`{ 10.0.0.0/8 or 192.168.0.0/24 }')dnl
add permit ip from goodcustomers to goodcustomers
or s.th. like that. Of course you do not need -p /usr/bin/m4
if you simply want to write
add permit ip from { 10.0.0.0/8 or 192.168.0.0/24 } to { 10.0.0.0/8 or 192.168.0.0/24 }
You might want to use perl or s.th. else to build up the list
if you prefer Cisco config style but that's really a matter
of the preprocessor then.
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
More information about the freebsd-ipfw
mailing list