IPFW2 tables
Thomas Wolf
tw at wsf.at
Tue Nov 23 22:32:58 GMT 2004
NetAdmin <daemon at foxchat.net> wrote:
> > > Set rule as; *Note: found there was a problem using table (1)
> > > {fwcmd} add 300 deny ip from table '1' to me
> >
> > The correct syntax that should work under any shell should be
> > {fwcmd} add 300 deny ip from table\(1\) to me
> > or
> > {fwcmd} add 300 deny ip from "table(1)" to me
> >
> >
>
> Great! That worked. Thanks. Now, is there a page I can refer to for
> other commands and syntax like adding multiple ports?
'man 8 ipfw' is still the best reference for commands and syntax (IMHO).
> I tried the
> following and assume it works.
>
> ${fwcmd} add 301 deny all from "table(2)" to me 20-25,110,113,143
>
> # ipfw show
> 00301 0 0 deny ip from table(2) to me dst-port 20-25,110,113,143
That looks ok. Although I would 'unreach host' or 'reset' packets
to ident (port 113). 'Dropping' them just gets you delays when
querying mailservers and other services.
Thomas
--
Thomas Wolf
Wiener Software Fabrik
Dubas u. Wolf GMBH
1050 Wien, Mittersteig 4
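
The quoting forms and the ident suggestion discussed in this message, as an added example that is not part of the original thread. The `FWCMD` variable, the rule numbers 301/302 and the table entries are assumptions made for illustration; by default the script only prints the rules.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: rules are printed, not loaded.
# Assumption: set FWCMD="/sbin/ipfw -q" on a FreeBSD host to apply them for real.
fwcmd=${FWCMD:-echo ipfw}

# Print the words the shell would pass to ipfw for a rule fragment, one per line.
# Unquoted parentheses are shell syntax, so sh fails before any command runs.
words() {
    sh -c "printf '%s\n' $1" 2>/dev/null
}

build_rules() {
    # Constructed table entries (RFC 5737 documentation ranges).
    ${fwcmd} table 2 add 192.0.2.0/24
    ${fwcmd} table 2 add 198.51.100.7
    # ident (113): answer with a TCP RST so the remote side does not wait for a timeout.
    ${fwcmd} add 301 reset tcp from "table(2)" to me 113
    # Remaining ports from the thread are dropped silently.
    ${fwcmd} add 302 deny all from "table(2)" to me 20-25,110,143
}

words 'from table(1) to me'   || echo 'table(1): shell syntax error'
words "from table '1' to me"  # "table" and "1" arrive as two separate words
words 'from "table(1)" to me' # table(1) arrives as a single word
words 'from table\(1\) to me' # same result with backslash escapes
build_rules
```

After loading the rules for real, `ipfw show` and `ipfw table 2 list` confirm what the kernel actually holds.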