ipfw and tablearg formatting

Michael Sierchio kudzu at tenebras.com
Tue Jun 4 18:01:47 UTC 2013


00100 allow ip from any to any via lo0
00500 allow ip from 204.15.2.33 to me in recv em1
00600 deny ip from 204.15.2.32/27 to any in recv em1
00610 deny udp from any 67,68 to any dst-port 67,68
00700 allow ip from me to any out xmit em1
01000 allow ip from any to me in recv em0
02000 allow ip from me to any out xmit em0
03000 deny ip from any to any via em0
04000 allow ip from 50.18.184.144 to any in recv em1
04500 allow ip from any to 50.18.184.144 out xmit em1
05000 skipto tablearg ip from any to me in recv em1 lookup src-ip 23
10000 deny log ip from any to any
10100 allow log ip from any to any
10200 allow log ip from any to any
10300 allow log ip from any to any
10400 allow log ip from any to any
10500 allow log ip from any to any

> ...

33000 allow log ip from any to any
33100 allow log ip from any to any
33200 allow log ip from any to any
33300 allow log ip from any to any
33400 allow log ip from any to any
33500 allow log ip from any to any
33600 allow log ip from any to any
33700 allow log ip from any to any
33800 allow log ip from any to any
33900 allow log ip from any to any
34000 allow log ip from any to any

There's a file that maps rule number to country code, and I use it to
build the table

5.83.192.0/19 17500
5.83.224.0/21 26300
5.83.232.0/21 17300
5.83.240.0/20 19800
5.84.0.0/14 20600
5.88.0.0/13 20600
5.96.0.0/14 20600
5.100.0.0/18 15600
5.100.64.0/18 28600
5.100.128.0/20 15600
5.100.144.0/21 17300
5.100.152.0/21 33000
5.100.160.0/21 33700
5.100.168.0/21 28800
5.100.176.0/20 26300
5.100.192.0/19 13600

VU 33300
WF 33400
WS 33500
XA 33600
YE 33700
ZA 33800
ZM 33900
ZW 34000

XA is the extended bogons list.

- M
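
The table-building step described in the message, as an added example that is not part of the original post: it joins the country-code map (format as shown above) with a per-prefix country list and prints the `ipfw table 23 add` commands, rejecting any target that does not lie above the skipto rule. The `CIDR CC` input format is an assumption (the post does not show it), and the prefixes are constructed documentation ranges.

```shell
#!/bin/sh
# Added example (not from the original post).
# gen_table_cmds MAP CIDRS [TABLE] [SKIPTO_RULE]
#   MAP:   "CC RULE" lines, the format shown in the post
#   CIDRS: "CIDR CC" lines, an assumed format for the per-country prefix list
gen_table_cmds() {
    awk -v table="${3:-23}" -v floor="${4:-5000}" '
        /^#/ || NF == 0 { next }
        FILENAME == ARGV[1] {
            # skipto only moves forward, so every target must sit above the
            # skipto rule itself; 65535 is the default rule.
            if ($2 !~ /^[0-9]+$/ || $2 + 0 <= floor + 0 || $2 + 0 >= 65535) {
                printf "bad rule number for %s: %s\n", $1, $2 > "/dev/stderr"
                bad = 1
            } else {
                rule[$1] = $2
            }
            next
        }
        !($2 in rule) {
            # No rule block for this country: report it instead of guessing.
            printf "no rule for %s (%s)\n", $2, $1 > "/dev/stderr"
            bad = 1
            next
        }
        { printf "ipfw table %s add %s %d\n", table, $1, rule[$2] }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample input: documentation prefixes, with country codes and
# rule numbers taken from the map excerpt in the post.
demo() {
    d=$(mktemp -d) || return 1
    printf 'XA 33600\nYE 33700\nZA 33800\n' > "$d/map"
    printf '192.0.2.0/24 ZA\n198.51.100.0/24 YE\n203.0.113.0/24 XA\n' > "$d/cidrs"
    gen_table_cmds "$d/map" "$d/cidrs"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

A source address that is not in table 23 does not match rule 05000 at all and falls through to the deny at 10000, so a prefix this script refuses to emit ends up blocked rather than allowed.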

