IPFW eXtended tables [Was: Re: IPFW tables, dummynet and IPv6]
Pawel Tyll
ptyll at nitronet.pl
Sun Dec 25 19:45:12 UTC 2011
> At the moment the maximum number of tables remains the same; however, it is
> now possible to define IPFW_TABLES_MAX to 65k without much (memory)
> overhead. Since pointers to tables are stored in an array, defining 2^32
> tables requires 4G * (8+8+1) memory for pointers only.
65k is also a good amount. Gives me 10 tables per vlan. :)
> By the way, I see two possible syntax changes for interface tables:
> ipfw add .. skipto tablearg ip from any to any lookup <src-iface|dst-iface|iface>
> or
> ipfw add .. skipto tablearg ip from any to any recv|xmit|via table(X)
> Personally I like 'lookup' variant.
recv|xmit|via is in the ipfw spirit, so while personal tastes are
always important, I would personally keep it consistent.