ipfw and tablearg formatting
Michael Sierchio
kudzu at tenebras.com
Mon Jun 3 15:40:06 UTC 2013
On Mon, Jun 3, 2013 at 4:43 AM, Andreas Nilsson <andrnils at gmail.com> wrote:
> Hello,
>
> Still trying out the tablearg functionality of ipfw and found the following:
>
> 1)
> # ipfw table 100 add 192.168.0.0/24 10.0.0.1
> # ipfw table 100 list
> 192.168.0.0/24 167772161
>
> I guess it is correct, but not user friendly. Can't the tablearg part be
> printed as normal dotted decimal?
No - it's an integer. The semantics of the table arg are up to you,
but it could be a rule number, used in a computed go to, as in
ipfw add 05000 skipto tablearg ip from any to me in recv em1 lookup src-ip 23
I use it to classify traffic based on country of origin.
> Another question: While using tablearg, is there a way to get statistics of
> each "individual" computed value instead of just the aggregate statistics
> for all rules "generated" by the tablearg rule?
you can log where the target rule is executed, or have a count rule.
- M
More information about the freebsd-net
mailing list