Date: Mon, 3 Jun 2013 08:40:05 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: Andreas Nilsson <andrnils@gmail.com> Cc: FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: ipfw and tablearg formatting Message-ID: <CAHu1Y73JbFFDFeX0q%2Bo1X_NK4hoqxg_qDL8E1E_wTdhBvbybeg@mail.gmail.com> In-Reply-To: <CAPS9%2BSu=uQG5-s7qmgeUSgnqJscyMhRqXuApo0mkV%2BqZWU8u0g@mail.gmail.com> References: <CAPS9%2BSu=uQG5-s7qmgeUSgnqJscyMhRqXuApo0mkV%2BqZWU8u0g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 3, 2013 at 4:43 AM, Andreas Nilsson <andrnils@gmail.com> wrote: > Hello, > > Still trying out the tablearg functionality of ipfw and found the following: > > 1) > # ipfw table 100 add 192.168.0.0/24 10.0.0.1 > # ipfw table 100 list > 192.168.0.0/24 167772161 > > I guess it is correct, but not user friendly. Can't the tablearg part be > printed as normal dotted decimal? No - it's an integer. The semantics of the table arg are up to you, but it could be a rule number, used in a computed go to, as in ipfw add 05000 skipto tablearg ip from any to me in recv em1 lookup src-ip 23 I use it to classify traffic based on country of origin. > Another question: While using tablearg, is there a way to get statistics of > each "individual" computed value instead of just the aggregate statistics > for all rules "generated" by the tablearg rule? you can log where the target rule is executed, or have a count rule. - M
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHu1Y73JbFFDFeX0q%2Bo1X_NK4hoqxg_qDL8E1E_wTdhBvbybeg>