[Was]: Problem with ipfw table add 0.0.0.0/8
andrnils at gmail.com
Mon May 19 09:15:49 UTC 2014
On Mon, May 19, 2014 at 10:54 AM, Dennis Yusupoff <dyr at smartspb.net> wrote:
> Alex, Bill, it's good news, glad to hear it.
> Let me ask for even more functionality:
> 6. Test if an entry exists in the table:
> ipfw table <id> test <item>
> It is extremely useful in the case of big, unordered data in the table - for
> example different networks with different masks. Now it's almost
> impossible to find out whether a checked IP occurs in the table or not.
So having 10.0.1.1/16 in the table and looking for 10.0.240.15 would say
"in table"? That would be nice.
> 7. Is there any reason to keep using numbers only as table names? The more
> tables are used, the harder it is to distinguish tables at a quick look at the rules. Compare:
> ipfw add [line] allow icmp from "table(1)" to "table(2)"
> and something like
> ipfw add [line] allow icmp from "table(trusted)" to "table(backbone)"
> Any comments are welcome.
> If table can have names, the above would be really nice as well.
> 19.05.2014 11:51, Bill Yuan wrote:
> > Hi Alex,
> > You guys are chatting here! I agree with you, the table is the place
> > that should be enhanced, and I am working on it in the way described below
> > 1. Support more types.
> > ip : cidr
> > ipv4 : same as ip
> > ipv6 : ip addr v6
> > mac : mac address
> > iface : interface name
> > interface : same as iface
> > port : it is Alex's idea, I don't know how it works.
> > 2. Set up the table type
> > ipfw table <id> type <type>
> > it will set up the type of the table, and flush the table
> > 3. Get table type
> > ipfw table <id> type show
> > 4. Add item into the table
> > ipfw table <id> add <item>
> > a. get the type of table <id>
> > b. if the type is not defined yet, that also means the table is new or
> > empty,
> > then guess the type based on the <item>
> > c. format the <item> and insert into the table.
> > This way it is so-called "back compatible"
> > 5. how to use table
> > case 1
> > ipfw add [line] allow icmp from "table(1)" to "table(2)"
> > in the ipfw userland command, it should check that table 1 and table 2
> > are of ipv4 or ipv6 type
> > case 2
> > ipfw add allow icmp from any to any MAC "table(3)" "table(4)"
> > in this case, table(3) and table(4) should be tables of MAC
> > addresses.
> > case 3
> > ipfw add allow icmp from any to any via table(5)
> > in this case, table 5 should be a table of interface names.
> Best regards,
> Dennis Yusupoff,
> network engineer of
> Smart-Telecom ISP
> Russia, Saint-Petersburg
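
The membership test requested in item 6 and the "guess the type from the first item" step of item 4, sketched as an added example that is not part of the original thread and is not ipfw code. The Table class, its methods and the sample entries are hypothetical; a linear scan stands in for whatever lookup structure a real implementation would use.

```python
import ipaddress


class Table:
    """Hypothetical model of one table holding CIDR entries of a single type."""

    def __init__(self):
        self.type = None      # unset until the first item is added
        self.entries = {}     # normalized network -> entry as it was typed

    def add(self, item):
        # strict=False masks off host bits: 10.0.1.1/16 is stored as 10.0.0.0/16
        net = ipaddress.ip_network(item, strict=False)
        kind = "ipv4" if net.version == 4 else "ipv6"
        if self.type is None:
            # New or empty table: guess the type from the item itself.
            self.type = kind
        elif kind != self.type:
            raise ValueError(f"{item!r} is {kind}, table is {self.type}")
        self.entries[net] = item

    def test(self, item):
        """Return the most specific entry that covers item, or None."""
        addr = ipaddress.ip_address(item)
        hits = [n for n in self.entries
                if n.version == addr.version and addr in n]
        # Longest prefix wins when several entries overlap.
        return max(hits, key=lambda n: n.prefixlen, default=None)


# Constructed sample data: unordered networks with different masks.
table = Table()
for entry in ["192.0.2.0/24", "10.0.1.1/16", "10.0.240.0/20", "198.51.100.7"]:
    table.add(entry)

if __name__ == "__main__":
    for ip in ["10.0.240.15", "10.0.5.5", "198.51.100.7", "203.0.113.1"]:
        match = table.test(ip)
        print(f"{ip:15} -> {match if match else 'not in table'}")
```

The 10.0.240.15 lookup is covered by both the /16 and the /20 entry; reporting the matching entry rather than a bare yes/no shows which line of a large table is responsible for a hit.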