[Was]: Problem with ipfw table add 0.0.0.0/8

Andreas Nilsson andrnils at gmail.com
Mon May 19 09:15:49 UTC 2014


On Mon, May 19, 2014 at 10:54 AM, Dennis Yusupoff <dyr at smartspb.net> wrote:

> Alex, Bill, it's good news, glad to hear it.
>
> Let me ask for even more functionality:
>
> 6. Test if an entry exists in the table:
> ipfw table <id> test <item>
> It is extremely useful in the case of big, unordered data in the table - for
> example, different networks with different masks. Now it's almost
> impossible to find out whether a checked IP occurs in the table or not.
>
So having 10.0.1.1/16 in the table and looking for 10.0.240.15 would say
"in table"? That would be nice.


>
> 7. Is there any reason to keep using numbers only as table names? The more
> tables are used, the harder it is to distinguish tables at a quick look at the rules. Compare:
>     ipfw add [line] allow icmp from "table(1)" to "table(2)"
> and something like
>     ipfw add [line] allow icmp from "table(trusted)" to "table(backbone)"
>
> Any comments are welcome.
>
> If tables can have names, the above would be really nice as well.

/A

>
> 19.05.2014 11:51, Bill Yuan wrote:
> > Hi Alex,
> >
> > You guys are chatting here! I agree with you, the table is the place that
> > should be enhanced, and I am working in this way, as described below.
> >
> > 1. Support more types.
> > ip   :  cidr
> > ipv4  : same as ip
> > ipv6   : ip addr v6
> > mac   : mac address
> > iface   : interface name
> > interface   : same as iface
> > port    :   it is Alex's idea, I don't know how it works.
> >
> > 2. Set up the table type
> > ipfw table <id> type <type>
> > it will set up the type of the table, and flush the table
> >
> > 3. Get table type
> > ipfw table <id> type show
> >
> > 4. Add item into the table
> > ipfw table <id> add <item>
> >
> > a. get the type of table <id>
> > b. if the type is not defined yet, that also means the table is new or
> > empty,
> >         then guess the type based on the <item>
> > c. format the <item> and insert into the table.
> >
> > In this way it is so-called "backward compatible".
> >
> > 5. How to use the table
> >
> > case 1
> > ipfw add [line] allow icmp from "table(1)" to "table(2)"
> > in the ipfw userland command, it should check that table 1 and table 2
> > are of ipv4 or ipv6 type
> >
> > case 2
> > ipfw add allow icmp from any to any MAC "table(3)" "table(4)"
> > in this case, table(3) and table(4) should be tables of MAC
> > addresses.
> >
> > case 3
> > ipfw  add allow icmp from any to any via table(5)
> > in this case, table 5 should be a table of interface names.
> >
>
> --
> Best regards,
> Dennis Yusupoff,
> network engineer of
> Smart-Telecom ISP
> Russia, Saint-Petersburg
>
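
The lookup asked for in item 6 and in the reply about 10.0.1.1/16, modelled as an added example (not part of the original thread and not ipfw code): a Python sketch of a `test` operation over a table with mixed prefix lengths. The names `load_table` and `table_test`, the sample entries and values, and the masking of host bits on insert are assumptions of this example.

```python
import ipaddress

# Constructed sample table: (entry, value) pairs with mixed prefix lengths,
# in no particular order. Not output from a real system.
SAMPLE_TABLE = [
    ("192.0.2.0/24", 10),
    ("10.0.1.1/16", 20),       # host bits set, as in the reply above
    ("10.0.240.0/20", 30),
    ("2001:db8::/32", 40),
    ("10.0.240.15/32", 50),
]


def load_table(entries):
    """Parse entries into networks; host bits are masked off (assumption)."""
    table = []
    for text, value in entries:
        net = ipaddress.ip_network(text, strict=False)
        table.append((net, value))
    return table


def table_test(table, item):
    """Return (network, value) of the most specific entry covering item, or None.

    item may be a single address or a prefix; a prefix matches only when
    one entry covers all of it.
    """
    probe = ipaddress.ip_network(item, strict=False)
    best = None
    for net, value in table:
        if net.version != probe.version:
            continue  # IPv4 and IPv6 entries are never compared
        if probe.subnet_of(net):
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, value)
    return best


if __name__ == "__main__":
    table = load_table(SAMPLE_TABLE)
    for probe in ("10.0.240.15", "10.0.240.16", "10.0.3.7", "10.1.0.1", "2001:db8::1"):
        hit = table_test(table, probe)
        print(probe, "->", f"{hit[0]} value {hit[1]}" if hit else "not in table")
```

Returning the matching entry rather than a bare yes/no also shows which of several overlapping prefixes a rule would actually hit.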

