ipfw and tablearg formatting
Julian Elischer
julian at freebsd.org
Tue Jun 4 14:06:25 UTC 2013
On 6/3/13 11:40 PM, Michael Sierchio wrote:
> On Mon, Jun 3, 2013 at 4:43 AM, Andreas Nilsson <andrnils at gmail.com> wrote:
>> Hello,
>>
>> Still trying out the tablearg functionality of ipfw and found the following:
>>
>> 1)
>> # ipfw table 100 add 192.168.0.0/24 10.0.0.1
>> # ipfw table 100 list
>> 192.168.0.0/24 167772161
>>
>> I guess it is correct, but not user friendly. Can't the tablearg part be
>> printed as normal dotted decimal?
> No - it's an integer. The semantics of the table arg are up to you,
> but it could be a rule number, used in a computed go to, as in
the only way to get this printed correctly would be for the printing
routines to
keep enough state about the rules using the table to be able to interpret
the tablearg according to how it was used. this would be a task that
is way
more complicated than it is worth.
>
> ipfw add 05000 skipto tablearg ip from any to me in recv em1 lookup src-ip 23
>
> I use it to classify traffic based on country of origin.
>
>> Another question: While using tablearg, is there a way to get statistics of
>> each "individual" computed value instead of just the aggregate statistics
>> for all rules "generated" by the tablearg rule?
> you can log where the target rule is executed, or have a count rule.
>
> - M
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
>
More information about the freebsd-net
mailing list