question for ipfw2 experts

Michael Sierchio kudzu at tenebras.com
Mon Sep 24 21:48:00 UTC 2012


On Mon, Sep 24, 2012 at 12:35 PM, Darrel <levitch at iglou.com> wrote:

> Can someone please send an example of how to properly use tables?

Quick, trivial example - this doesn't help you understand tableargs,
this is just an efficient way to handle a very large list of sparse nets.

# FW and OUTSIDE_IF are assumed definitions; the post leaves them to the reader.
FW="/sbin/ipfw"
OUTSIDE_IF="em0"
PEERS="/etc/ipfw/permitted_hosts.txt"

# Load every line that begins with an address into table 1 (one entry per line,
# address in the first column).
awk '/^[1-9][0-9\.][0-9\.]*/ { print "ipfw table 1 add", $1 }' "$PEERS" | sh

$FW add 01000 check-state

[ a bunch of rules ]

# Only sources present in table 1 may open the connection; the parentheses are
# escaped so the shell does not interpret them, and the rule is continued with
# a backslash so it is one command.
$FW add 05000 allow tcp from table\(1\) to me 7514 in recv $OUTSIDE_IF \
    setup keep-state
$FW add 06000 deny tcp from any to me in recv $OUTSIDE_IF

Now, if you want to atomically change tables without altering
instantiated dynamic rules, you can use separate tables and swap
rulesets.  You can use tableargs (the second parameter when adding an
entry to the table) as a rule number to skipto, or as a tag in
logging, etc.
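The tableargs use described above, as an added example that is not code from the original post: the peer list carries a second column (the tableargs value), and a "skipto tablearg" rule jumps to the rule number stored with the matching entry, so the per-peer policy lives in the table rather than in the ruleset. Table number 1, the rule numbers, port 7514, the interface name em0 and the file format are assumptions for illustration; the functions only print ipfw commands so they can be checked before being piped to sh on an ipfw host.

```shell
#!/bin/sh
# Added example, not code from the original post. Table 1, the rule numbers,
# port 7514 and the interface em0 are assumptions for illustration.

# Constructed sample peer list: "address[/mask]  skipto-rule" per line.
# Comments and malformed lines must be ignored, not fed to ipfw.
SAMPLE_PEERS='# addr/mask        rule to skip to
192.0.2.0/24         20000
198.51.100.7         21000
this line is garbage and must be skipped
203.0.113.0/24       20000
'

# Print one "ipfw table N add addr value" per well-formed line of the file.
# Only dotted-quad addresses with an optional /prefix and a numeric tableargs
# value are accepted; anything else is dropped so a typo cannot become a rule.
# Usage: emit_table_adds <table-number> <peer-file>
emit_table_adds() {
    awk -v t="$1" '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ && $2 ~ /^[0-9]+$/ {
            print "ipfw table " t " add " $1 " " $2
        }' "$2"
}

# Print the rules that consult the table. Rule 05000 allows nothing itself:
# it skips to whatever rule number the matching table entry holds. Hosts not
# in the table fall through to the deny at 06000. The skipto targets (20000
# and 21000) are the per-peer policies; 21000 is the same allow but logged.
# Usage: emit_rules <table-number> <interface>
emit_rules() {
    t="$1"; ifc="$2"
    printf '%s\n' \
      "ipfw add 01000 check-state" \
      "ipfw add 05000 skipto tablearg tcp from 'table($t)' to me 7514 in recv $ifc" \
      "ipfw add 06000 deny tcp from any to me in recv $ifc" \
      "ipfw add 20000 allow tcp from any to me 7514 in recv $ifc setup keep-state" \
      "ipfw add 21000 allow log tcp from any to me 7514 in recv $ifc setup keep-state"
}

# Stand-alone run: print the generated commands. Pipe the output to sh on an
# ipfw host to apply it, as the original post does with its awk pipeline.
peers=$(mktemp)
printf '%s' "$SAMPLE_PEERS" > "$peers"
emit_table_adds 1 "$peers"
emit_rules 1 em0
rm -f "$peers"
```

Because the skipto rule carries no keep-state of its own, the dynamic rule is created by the target allow rule and later packets of the flow are handled by check-state at 01000; changing a peer's tableargs value therefore only affects new connections, which is the "swap tables without disturbing dynamic rules" behaviour the post describes.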
