IPFW Table Size

Freddie Cash fjwcash at gmail.com
Fri May 3 19:43:52 UTC 2013


On Fri, May 3, 2013 at 12:33 PM, Michael Sierchio <kudzu at tenebras.com> wrote:

> Better to have a single table - there's a min penalty for each lookup, +
> lg(n) or so.
>
> You can use the second parameter for interesting things, like a rule number
> to skipto
>
> E.g.
>
> ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number
>

First time I've seen the "lookup" syntax.  There's next to no information
on it in the ipfw man page, and the info there doesn't really make it clear
how to use it.

Can "lookup" syntax be used as an alternative to "table($number)" syntax
(which is a pain to enter on command-lines)?  Or are they completely
separate?  Can the same table be used for both styles of lookups?

From what I can tell, a table can only have 2 items per entry:  IP and a
number (the tablearg).  So where is the "lookup" getting src-ip/dest-ip/etc
from?

What's the difference between:
ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number

ipfw add 05000 skipto tablearg ip from table\($table_number\) to me in recv $if_wan

-- 
Freddie Cash
fjwcash at gmail.com

