ipfw and tablearg formatting
Andreas Nilsson
andrnils at gmail.com
Tue Jun 4 16:00:14 UTC 2013
On Tue, Jun 4, 2013 at 4:06 PM, Julian Elischer <julian at freebsd.org> wrote:
> On 6/3/13 11:40 PM, Michael Sierchio wrote:
>
>> On Mon, Jun 3, 2013 at 4:43 AM, Andreas Nilsson <andrnils at gmail.com>
>> wrote:
>>
>>> Hello,
>>>
>>> Still trying out the tablearg functionality of ipfw and found the
>>> following:
>>>
>>> 1)
>>> # ipfw table 100 add 192.168.0.0/24 10.0.0.1
>>> # ipfw table 100 list
>>> 192.168.0.0/24 167772161
>>>
>>> I guess it is correct, but not user friendly. Can't the tablearg part be
>>> printed as normal dotted decimal?
>>>
>> No - it's an integer. The semantics of the table arg are up to you,
>> but it could be a rule number, used in a computed go to, as in
>>
>
> the only way to get this printed correctly would be for the printing
> routines to
> keep enough state about the rules using the table to be able to interpret
> the tablearg according to how it was used. this would be a task that is way
> more complicated than it is worth.
>
Fair point.
Best regards
Andreas
>
>> ipfw add 05000 skipto tablearg ip from any to me in recv em1 lookup
>> src-ip 23
>>
>> I use it to classify traffic based on country of origin.
>>
>> Another question: While using tablearg, is there a way to get statistics
>>> of
>>> each "individual" computed value instead of just the aggregate
>>> statistics
>>> for all rules "generated" by the tablearg rule?
>>>
>> you can log where the target rule is executed, or have a count rule.
>>
>> - M
>> ______________________________**_________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/**mailman/listinfo/freebsd-net<http://lists.freebsd.org/mailman/listinfo/freebsd-net>
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@**freebsd.org<freebsd-net-unsubscribe at freebsd.org>
>> "
>>
>>
>>
>
More information about the freebsd-net
mailing list