IPFW tablearg questions

Andreas Nilsson andrnils at gmail.com
Thu May 30 07:07:25 UTC 2013


Hello,

I started to test some more features of IPFW, namely skipto and fwd, both
in conjunction with tablearg.

The question:
Why can't you add a skipto to the default rule (65535)?

I also consider using tablearg with divert, but the manpage contradicts
itself in regard to divert with tablearg:
"     divert port
             Divert packets that match this rule to the divert(4) socket bound
             to port port.  The search terminates."
vs

"The tablearg argument can be used with the following
     actions: nat, pipe, queue, divert, tee, netgraph, ngtee, fwd, skipto,
     setfib, action parameters: tag, untag, rule options: limit, tagged."

Also, in the EXAMPLES section one can find:

"     In the following example per-interface firewall is created:

           ipfw table 10 add vlan20 12000
           ipfw table 10 add vlan30 13000
           ipfw table 20 add vlan20 22000
           ipfw table 20 add vlan30 23000
           ..
           ipfw add 100 ipfw skipto tablearg ip from any to any recv 'table(10)' in
           ipfw add 200 ipfw skipto tablearg ip from any to any xmit 'table(10)' out
"
where ipfw add 100 ipfw skipto seems wrong...

Best regards
Andreas Nilsson
