IPFW Table Size

Michael Sierchio kudzu at tenebras.com
Fri May 3 20:13:48 UTC 2013


The syntax is described in the man page, but there are no examples.  My
example works ;-)

The first entry is a network, which might have a /32, in which case it's a
single IP addr.




On Fri, May 3, 2013 at 12:43 PM, Freddie Cash <fjwcash at gmail.com> wrote:

>
> On Fri, May 3, 2013 at 12:33 PM, Michael Sierchio <kudzu at tenebras.com> wrote:
>
>> Better to have a single table - there's a min penalty for each lookup, +
>> lg(n) or so.
>>
>> You can use the second parameter for interesting things, like a rule number
>> to skipto
>>
>> E.g.
>>
>> ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number
>>
>
> First time I've seen the "lookup" syntax.  There's next to no information
> on it in the ipfw man page, and the info there doesn't really make it clear
> how to use it.
>
> Can "lookup" syntax be used as an alternative to "table($number)" syntax
> (which is a pain to enter on command-lines)?  Or are they completely
> separate?  Can the same table be used for both styles of lookups?
>
> From what I can tell, a table can only have 2 items per entry:  IP and a
> number (the tablearg).  So where is the "lookup" getting src-ip/dest-ip/etc
> from?
>
> What's the difference between:
>
> ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number
>
> ipfw add 05000 skipto tablearg ip from table\($table_number\) to me in recv $if_wan
>
> --
> Freddie Cash
> fjwcash at gmail.com
>
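
The table semantics discussed in this thread, as an added example that is not part of either post and is not ipfw's own code: a small Python model of an entry as network plus value, most-specific-match lookup on the packet's source address, and the value used as the `skipto tablearg` target. The table number, addresses (documentation ranges) and target rule numbers are constructed.

```python
"""Model of an ipfw lookup table driving `skipto tablearg` (added example)."""
import ipaddress

# Constructed table contents as (addr/masklen, value), equivalent to:
#   ipfw table 1 add 192.0.2.0/24 6000
#   ipfw table 1 add 192.0.2.10/32 7000
#   ipfw table 1 add 198.51.100.0/24 6000
TABLE_1 = [
    ("192.0.2.0/24", 6000),
    ("192.0.2.10/32", 7000),   # a /32 entry is a single IP address
    ("198.51.100.0/24", 6000),
]


def build_table(entries):
    """Parse entries into (network, value) pairs, most specific first.

    The model scans a sorted list for clarity; it does not reproduce
    the lookup cost of the real table.
    """
    table = [(ipaddress.ip_network(net), int(arg)) for net, arg in entries]
    table.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return table


def lookup(table, addr):
    """Return the value (tablearg) of the most specific match, or None."""
    ip = ipaddress.ip_address(addr)
    for net, arg in table:
        if ip in net:
            return arg
    return None


def skipto_tablearg(table, src_ip):
    """Model a `skipto tablearg ... lookup src-ip N` rule for one packet.

    The key is the packet's source address. A hit jumps to the rule
    number stored as the entry's value; a miss means the rule does not
    match and evaluation continues with the next rule in the ruleset.
    """
    arg = lookup(table, src_ip)
    return ("skipto", arg) if arg is not None else ("next-rule", None)


if __name__ == "__main__":
    t = build_table(TABLE_1)
    for src in ("192.0.2.10", "192.0.2.77", "203.0.113.5"):
        print(src, skipto_tablearg(t, src))
```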

