Better to have a single table - there's a min penalty for each lookup, + lg(n) or so. You can use the second parameter for interesting things, like a rule number to skipto. E.g.

    ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number

- M
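The single-table dispatch suggested in the reply above, as an added example that is not part of the original message: a small generator that turns "prefix target-rule" pairs into the table entries plus the one `skipto tablearg` rule, and rejects targets that would not jump forward. The table number `1`, interface `em0`, the prefixes and the rule numbers are constructed assumptions; the commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: emit ipfw commands for a single-table skipto dispatch.
# Constructed policy: documentation prefixes, hypothetical target rule numbers.
POLICY='192.0.2.0/24 6000
198.51.100.0/24 7000
203.0.113.7/32 8000'

# gen_dispatch TABLE RULE_NO IFACE
# Reads "prefix target" pairs on stdin and prints the ipfw commands.
# Returns 1 if a target is not numeric or does not lie after RULE_NO.
gen_dispatch() {
    table=$1 rule=$2 iface=$3
    while read -r prefix target; do
        [ -n "$prefix" ] || continue
        case $target in
            ''|*[!0-9]*)
                echo "bad target for $prefix" >&2
                return 1 ;;
        esac
        # skipto continues at the first rule numbered >= target, so a
        # target at or below the dispatch rule skips nothing.
        if [ "$target" -le "$rule" ]; then
            echo "target $target for $prefix is not after rule $rule" >&2
            return 1
        fi
        # The table value (tablearg) is the rule number to jump to.
        echo "ipfw table $table add $prefix $target"
    done
    # One lookup per packet, whatever the number of prefixes in the table.
    echo "ipfw add $rule skipto tablearg ip from any to me in recv $iface lookup src-ip $table"
}

# Print the generated commands for review before applying them.
printf '%s\n' "$POLICY" | gen_dispatch 1 5000 em0
```

Sources that match no table entry fall through to the rule after the dispatch rule, so that is where the default handling belongs.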