Netmap-ipfw, how to fill a table by 15K entries ?

Julian Elischer julian at freebsd.org
Tue Dec 23 16:14:33 UTC 2014 

On 12/23/14 11:32 PM, info at aknet.kg wrote:
> Eugene,
> sure, first we tried was a method with file.
> But after first 2-3 rules (table 10 add xxx.xxx.xxx.xxx) it hangs 
> and we loose console interaction.
> (the last FreeBSD-Stable 10.1)
>
> It needs to open new console and kill a process ./ipfw 
> /usr/local/.../rules.txt
>
> And ./ipfw table 10 list  shows only 2-3 new rules from any (20 or 
> 15K in file)
>
> May be this case (placing many enties into tables) was not tested by 
> developers?

I haven't used the file, but I have piped the commands into ipfw..

myscript | ipfw /dev/stdin

where "myscript" outputs all the commands derived from my configuration.
(actually myscript was a python program when I worked for cisco)

>
> Azamat
>
> Eugene Grosbein писал 2014-12-23 20:30:
>> On 23.12.2014 20:02, IT Department, AkNet ISP wrote:
>>> Hello to All
>>>
>>> Can anybody tell, how to fill a table with large number of entries ?
>>>
>>> Sure, It can be done by standard method by ./ipfw table 10 add
>>> xxx.xxx.xxx.xxx in a script, but each entry takes couple of 
>>> seconds to
>>> be placed into a table:
>>>
>>> ./ipfw table 10 add 192.168.10.50
>>> connected to 127.0.0.1:5555
>>>
>>> And takes many hours to do all job.
>>>
>>> May be there is a way to open a socket and place a bulk commands, for
>>> example:
>>> telnet localhost 5555
>>> table 10 add xxx.xxx.xxx.xxx
>>>
>>> But it doesn't work as written above.
>>>
>>> May be Senior Luigi can explane how to do such work as fast as it
>>> done by ordinary ipfw ?
>>
>> /sbin/ipfw can take full pathname of text file containing list of
>> commands like:
>>
>> table 10 add x.x.x.x
>> table 10 add x.x.x.y
>> ...
>>
>> So, it parses them all and executes at once. Read man ipfw, section:
>> LIST OF RULES AND PREPROCESSING
>>
>> Eugene Grosbein
>>
>>
>>
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
>
>

More information about the freebsd-net mailing list