Problem with ipfw table add 0.0.0.0/8
Bill Yuan
bycn82 at gmail.com
Mon May 19 07:51:37 UTC 2014
Hi Alex,

You guys are chatting here! I agree with you, the table is the place that
should be enhanced, and I am working in this way, as described below.

1. Support more types.
   ip : cidr
   ipv4 : same as ip
   ipv6 : ip addr v6
   mac : mac address
   iface : interface name
   interface : same as iface
   port : it is Alex's idea, I don't know how it works.

2. Set up the table type
   ipfw table <id> type <type>
   It will set up the type of the table, and flush the table.

3. Get table type
   ipfw table <id> type show

4. Add item into the table
   ipfw table <id> add <item>
   a. get the type of table <id>
   b. if the type is not defined yet, that also means the table is new or
      empty, then guess the type based on the <item>
   c. format the <item> and insert into the table.
   In this way it is so-called "back compatible".

5. How to use table
   case 1
   ipfw add [line] allow icmp from "table(1)" to "table(2)"
   In the ipfw userland command, it should check that table 1 and table 2
   are of ipv4 or ipv6 type.
   case 2
   ipfw add allow icmp from any to any MAC "table(3)" "table(4)"
   In this case, table(3) and table(4) should be tables of MAC addresses.
   case 3
   ipfw add allow icmp from any to any via table(5)
   In this case, table 5 should be a table of interface names.

Currently I am working on the mac type. :)

On Sun, May 18, 2014 at 12:47 PM, Jason Hellenthal
<jhellenthal at dataix.net> wrote:
>
>
> > On May 18, 2014, at 0:12, Julian Elischer <julian at freebsd.org> wrote:
> >> 2) Table type/name can be specified explicitly via one of the following
> commands:
> >> * ipfw table 1 create [type <cidr|u32|ifindex|iface>] [name
> "table_name"]
> > type "ports" would be nice but tricky to do right.
>
> That . . . would be a great addition and have me switching from pf to ipfw.
>
> Pullllease do! :-)
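
The add procedure from step 4 of the message above (look up the table type, guess it when the table is new or empty, then format and insert), together with the step 5 type check, modelled in Python as an added example; it is not code from the e-mail or from ipfw. The regular expressions and the class and function names are assumptions, and the proposed port type is left out because the message does not define it.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
IFACE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.]*$")   # assumed interface-name syntax
ALIASES = {"ip": "ipv4", "interface": "iface"}        # aliases from the type list
TYPES = {"ipv4", "ipv6", "mac", "iface"}

def normalize(item, ttype):
    """Step 4c: validate item against ttype and return its canonical form."""
    if ttype in ("ipv4", "ipv6"):
        net = ipaddress.ip_network(item, strict=False)  # ValueError if not an IP
        if net.version != int(ttype[-1]):
            raise ValueError(f"{item!r} is not {ttype}")
        return str(net)
    if ttype == "mac" and MAC_RE.match(item):
        return item.lower()
    if ttype == "iface" and IFACE_RE.match(item):
        return item
    raise ValueError(f"{item!r} is not a valid {ttype} entry")

def guess_type(item):
    """Step 4b: infer the type of a new or empty table from the item."""
    for ttype in ("mac", "ipv4", "ipv6", "iface"):
        try:
            normalize(item, ttype)
            return ttype
        except ValueError:
            continue
    raise ValueError(f"cannot guess a table type for {item!r}")

class Table:
    def __init__(self):
        self.type, self.items = None, set()

    def set_type(self, ttype):
        """Step 2: set the type; this also flushes the table."""
        ttype = ALIASES.get(ttype, ttype)
        if ttype not in TYPES:
            raise ValueError(f"unknown table type {ttype!r}")
        self.type, self.items = ttype, set()

    def add(self, item):
        """Step 4: use the table's type, or guess it, then insert."""
        ttype = self.type or guess_type(item)
        value = normalize(item, ttype)
        self.type = ttype
        self.items.add(value)
        return value

def usable_as(table, allowed):
    """Step 5: a rule may reference the table only if its type fits the slot."""
    return table.type in allowed
```

Once a table has a type, an entry of another kind is rejected instead of being silently reinterpreted, which is the property the userland check in step 5 relies on.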