IPFW Table Size

Freddie Cash fjwcash at gmail.com
Fri May 3 20:35:08 UTC 2013


On Fri, May 3, 2013 at 1:13 PM, Michael Sierchio <kudzu at tenebras.com> wrote:

> The syntax is described in the man page, but there are no examples.  My
> example works ;-)
>
>
Yes, I know it's in the man page, but the description is beyond vague, and
there are no usage examples, nor comparisons to the "normal" table(number)
syntax.  Hence my questions.  :)


> The first entry is a network, which might have a /32, in which case it's a
> single IP addr.
>
>
> > What's the difference between:
> >
> > ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup
> > src-ip $table_number
> >
> > ipfw add 05000 skipto tablearge ip from table\($table_number\) to my in
> > recv $if_wan
>

So, the difference would be that you can use table(number) anywhere you can
use an IP, but "lookup" syntax goes at the end of a rule and the result of
the lookup is then put into the normal rule in the field specified?

Meaning, the two examples above are identical (minus my just-noticed typos)?

Basically, the "lookup" syntax is a way of doing variable expansion in the
normal rule syntax.
  1.  Do the lookup, get a result
  2.  Replace <field> in main rule with result from lookup
  3.  Evaluate the rule and compare the packet to it.

Interesting.  This would clean up the syntax of my rules-creation scripts
and make it easier to manually type rules at the CLI.

Anyone feel like updating the man page to make the syntax easier to
understand, and to provide some usage examples?  ;)

-- 
Freddie Cash
fjwcash at gmail.com
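The three-step description of the "lookup" syntax above, modelled as an added example (not code from the thread or from ipfw itself): a longest-prefix table lookup sets tablearg, and the two rule forms discussed are compared on constructed packets. The table contents, packet dictionaries and the simplified "in recv wan" match are assumptions; the "to me" check is omitted.

```python
import ipaddress

# Constructed sample table (not from the thread): prefix -> tablearg value.
# With "skipto tablearg", the value is the rule number the packet jumps to.
TABLE_5 = {
    ipaddress.ip_network("10.0.0.0/8"): 10000,
    ipaddress.ip_network("10.1.2.0/24"): 11000,
    ipaddress.ip_network("192.0.2.7/32"): 12000,
}

def table_lookup(table, addr):
    """Longest-prefix match over an address table; returns the stored
    value (tablearg) or None when no entry covers the address."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, value in table.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return None if best is None else best[1]

def skipto_from_table(pkt, table):
    """Model of: skipto tablearg ip from table(N) to me in recv $if_wan
    The table reference sits in the from-clause, so it is matched against
    the source address and tablearg comes from the matching entry."""
    if pkt["dir"] != "in" or pkt["recv"] != "wan":
        return None
    return table_lookup(table, pkt["src"])

def skipto_lookup(pkt, table, field):
    """Model of: skipto tablearg ip from any to me in recv $if_wan lookup <field> N
    Step 1: look up the chosen field; step 2: the result becomes tablearg;
    step 3: the rest of the rule must still match the packet."""
    if pkt["dir"] != "in" or pkt["recv"] != "wan":
        return None
    return table_lookup(table, pkt[field])

# Constructed packets: the first two hit /24 and /8 entries, the third only
# matches on its destination, the fourth fails the direction check.
PACKETS = [
    {"src": "10.1.2.3", "dst": "203.0.113.1", "dir": "in", "recv": "wan"},
    {"src": "10.9.9.9", "dst": "203.0.113.1", "dir": "in", "recv": "wan"},
    {"src": "198.51.100.5", "dst": "192.0.2.7", "dir": "in", "recv": "wan"},
    {"src": "10.1.2.3", "dst": "203.0.113.1", "dir": "out", "recv": "wan"},
]

def forms_agree(pkts, table):
    """True when 'from table(N)' and 'lookup src-ip N' give the same tablearg."""
    return all(skipto_from_table(p, table) == skipto_lookup(p, table, "src")
               for p in pkts)
```

Swapping the lookup field to "dst" shows where the two forms part ways: only the lookup form can key on a field other than the source address.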


More information about the freebsd-ipfw mailing list