ipfw and tablearg formatting

Andreas Nilsson andrnils at gmail.com
Tue Jun 4 15:53:42 UTC 2013


On Mon, Jun 3, 2013 at 5:40 PM, Michael Sierchio <kudzu at tenebras.com> wrote:

> On Mon, Jun 3, 2013 at 4:43 AM, Andreas Nilsson <andrnils at gmail.com> wrote:
> > Hello,
> >
> > Still trying out the tablearg functionality of ipfw and found the following:
> >
> > 1)
> > # ipfw table 100 add 192.168.0.0/24 10.0.0.1
> > # ipfw table 100 list
> > 192.168.0.0/24 167772161
> >
> > I guess it is correct, but not user friendly. Can't the tablearg part be
> > printed as normal dotted decimal?
>
> No - it's an integer. The semantics of the table arg are up to you,
> but it could be a rule number, used in a computed go to, as in
>
> ipfw add 05000 skipto tablearg ip from any to me in recv em1 lookup src-ip 23


> I use it to classify traffic based on country of origin.
>

Interesting. So given that table 23 has
1.2.3.4/24 6000
the rule would be
skipto 6000 ip from any to me in recv em1 src-ip 1.2.3.4/24 ?

>
> > Another question: While using tablearg, is there a way to get statistics of
> > each "individual" computed value instead of just the aggregate statistics
> > for all rules "generated" by the tablearg rule?
>
> you can log where the target rule is executed, or have a count rule.
>
> - M
>
Great, I'll look into that.

Best regards
Andreas
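
Added example, not part of the original messages: a small shell filter that converts the integer table values printed by `ipfw table N list` to dotted-quad form and back, run here over the two table entries quoted in the thread. The function names are made up for this example, and the sample input is constructed from the thread's values; decoding 6000 as an address shows why the meaning of the value depends on how the rule uses it.

```shell
#!/bin/sh
# Added example (not from the thread): convert ipfw tablearg integers
# to and from dotted-quad notation.

# 32-bit integer -> a.b.c.d ; rejects non-numeric or out-of-range input.
tablearg_to_ip() {
    case "$1" in
        ''|*[!0-9]*|0?*) echo "not an unsigned integer: $1" >&2; return 1 ;;
    esac
    if [ "${#1}" -gt 10 ] || [ "$1" -gt 4294967295 ]; then
        echo "out of 32-bit range: $1" >&2; return 1
    fi
    printf '%d.%d.%d.%d\n' \
        $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# a.b.c.d -> the integer ipfw stores and prints as the table value.
ip_to_tablearg() {
    case "$1" in
        ''|*[!0-9.]*) echo "expected a.b.c.d: $1" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo "expected four octets" >&2; return 1; }
    for o in "$@"; do
        case "$o" in
            ''|0?*|????*) echo "bad octet: $o" >&2; return 1 ;;
        esac
        [ "$o" -le 255 ] || { echo "bad octet: $o" >&2; return 1; }
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Annotate "prefix value" lines, the `ipfw table N list` format in the thread.
decode_table_listing() {
    while read -r prefix value; do
        if ip=$(tablearg_to_ip "$value" 2>/dev/null); then
            printf '%s %s (%s)\n' "$prefix" "$value" "$ip"
        else
            printf '%s %s\n' "$prefix" "$value"
        fi
    done
}

# Constructed sample input, using the two table entries quoted in the thread.
decode_table_listing <<'EOF'
192.168.0.0/24 167772161
1.2.3.4/24 6000
EOF
```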

