Date:      Wed, 24 Nov 2004 11:14:58 +0300
From:      Martes Wigglesworth <martes.wigglesworth@earthlink.net>
To:        NetAdmin <daemon@foxchat.net>
Cc:        ipfw-mailings <freebsd-ipfw@freebsd.org>
Subject:   Re: IPFW2 tables
Message-ID:  <1101284098.40685.85.camel@Mobile1.276NET>
In-Reply-To: <1101256036.22644.69.camel@foxdaemon.com>
References:  <20041123232907.gkw44hr838gk48@.mailhost.wsf.at> <1101256036.22644.69.camel@foxdaemon.com>

Dude. 

I think that the multiple ports section is universal, because each
section of an ipfw command is programmed into the ipfw syntax.  Like a
case, in a shell script.  So, it would be theoretically redundant to
list, for example, how to use multiple ports on tables, when it is
already listed for general usage.  I am new, as well, however, it is
part of my job to deal with this stuff, so I sit here and play with
things.  I have not gotten to tables, because I have not seen the
benefit, as of yet, however, by playing around, I have noticed that many
of the features are just arguments that are being sent to a shell
command, and can be thought of as such.  Like about a month or so, ago,
when I was having trouble with brackets because I had forgotten that
they were simply used to separate arguments within the string of
arguments.  A helpful person indicated that I should use the back-slash
in front of the brackets, because the shell was reading them independent
of the commands that I was trying to pass to ipfw.  

This may have been overkill, or inaccurate, however, thinking of the
different features as complex arguments to a shell command has made
things easier when reading through the man page(s).

Please, someone correct me if I am completely off of the target with my
assumption.  It seems to work for me, and I felt that you could benefit
from that frame of thought for ipfw.

-- 
Respectfully,


M.G.W.

System:
Asus M6N 
Intel Dothan 1.7
512MB RAM
40GB HD
10/100/1000 NIC
Wireless b/g (not working yet)
BSD-5.2.1
GCC-3.3.5/3.3.3(until I replace indigenous gcc)
IFORT-for linux(Intel Fortran)
gfortran
python-2.3
Perl-5.6.1/5.8.5
Java-sdk-1.4.2_5
KDE-3.1.4

Forwarded message - Re: IPFW2 tables

From: NetAdmin <daemon@foxchat.net>
To: tw@wsf.at
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW2 tables
Date: Tue, 23 Nov 2004 19:27:16 -0500
Message-Id: <1101256036.22644.69.camel@foxdaemon.com>
In-Reply-To: <20041123232907.gkw44hr838gk48@.mailhost.wsf.at>
References: <20041123232907.gkw44hr838gk48@.mailhost.wsf.at>

On Tue, 2004-11-23 at 22:29 +0000, Thomas Wolf wrote:
> NetAdmin <daemon@foxchat.net> wrote:
>
>
> > > > Set rule as; *Note: found there was a problem using table (1)
> > > > {fwcmd} add 300 deny ip from table '1' to me
> > >
> > > The correct syntax that should work under any shell should be
> > > {fwcmd} add 300 deny ip from table\(1\) to me
> > > or
> > > {fwcmd} add 300 deny ip from "table(1)" to me
> > >
> > >
> >
> > Great! That worked.  Thanks.  Now, is there a page I can refer to for
> > other commands and syntax like adding multiple ports?
>
> 'man 8 ipfw' is still the best reference for commands and syntax (IMHO).
>
>
> > I tried the
> > following and assume it works.
> >
> > ${fwcmd} add 301 deny all from "table(2)" to me 20-25,110,113,143
> >
> > # ipfw show
> > 00301       0          0 	deny ip from table(2) to me dst-port 20-25,110,113,143
>
> That looks ok. Although I would 'unreach host' or 'reset' packets
> to ident (port 113). 'Dropping' them just gets you delays when
> querying mailservers and other services.
>
> Thomas

I did look at the man page for tables.  The only thing really mentioned
is;

     ipfw table number add addr[/masklen] [value]
     ipfw table number delete addr[/masklen]
     ipfw table number flush
     ipfw table number list

and

     LOOKUP TABLES
     Lookup tables are useful to handle large sparse address sets, typically
     from a hundred to several thousands of entries.  There could be 128
     different lookup tables, numbered 0 to 127. etc... etc...

	Make no mistake, I appreciate your help immensely and unless someone
else had responded, I would still be wondering what I needed to do.
However, I have checked the sources commonly available to newer users
including searches on google.  Having said that, nowhere in 'man 8
ipfw' does it say how to add multiple ports in conjunction with Tables
or the correct syntax for adding the table to rc.firewall.  Tables for
IPFW aren't even mentioned in
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

	That is why I asked if anyone knew of any other sources of information
on Tables and their syntax.  It is what I am still asking.  Where can I
find more information on using tables with IPFW?

Respectfully,

Mark
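
The quoting behaviour discussed in this thread, as an added example that is not part of either message: it shows what argument words the shell hands to the firewall command for each spelling of the table argument, then an rc.firewall-style rule set for the thread's port list with ident (113) answered by `reset`. `show_argv`, the rule numbers 301/302 and the 192.0.2.0/24 entry are constructed for illustration; `fwcmd` is pointed at a dry-run helper so the script runs without ipfw.

```shell
#!/bin/sh
# Dry-run stand-in for ipfw (assumption for this example): prints every
# argument word in brackets, i.e. what ipfw would receive after the shell
# has finished parsing the command line.
show_argv() {
    out=""
    for a in "$@"; do out="${out}[${a}]"; done
    printf '%s\n' "$out"
}

# In a real rc.firewall this would be the ipfw binary, e.g. "/sbin/ipfw -q".
fwcmd="show_argv"

# Double quotes and backslashes both deliver the single word table(1).
quoted()  { ${fwcmd} add 300 deny ip from "table(1)" to me; }
escaped() { ${fwcmd} add 300 deny ip from table\(1\) to me; }

# table '1' arrives as two separate words, "table" and "1".
two_words() { ${fwcmd} add 300 deny ip from table '1' to me; }

# Bare parentheses are shell syntax, so the line is rejected by the shell
# before any command runs. Parsed in a child shell to keep this script alive.
unquoted_status() {
    sh -c 'echo add 300 deny ip from table(1) to me' >/dev/null 2>&1 \
        && echo parsed || echo syntax-error
}

# rc.firewall-style rules: populate table 2, answer ident with a TCP reset,
# and drop the remaining ports from the thread's list.
rules() {
    ${fwcmd} table 2 add 192.0.2.0/24
    ${fwcmd} add 301 reset tcp from "table(2)" to me 113
    ${fwcmd} add 302 deny ip from "table(2)" to me 20-25,110,143
}

quoted; escaped; two_words; unquoted_status; rules
```
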

