Date: Mon, 19 May 2014 12:54:14 +0400 From: Dennis Yusupoff <dyr@smartspb.net> To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: [Was]: Problem with ipfw table add 0.0.0.0/8 Message-ID: <5379C6B6.4030105@smartspb.net> In-Reply-To: <CAC%2BJH2xDM2u97Oa1YsG78x_6xdzTpBS-QD-cSfaWSKkKBU8GDg@mail.gmail.com> References: <5371084F.1060009@bsdinfo.com.br> <F78BF3AC-F031-4528-A4C1-5B22E88CEC00@dataix.net> <5371112B.2030209@bsdinfo.com.br> <5371E9E7.70400@smartspb.net> <5371F4C8.3080501@FreeBSD.org> <53720AA4.80909@smartspb.net> <537767C5.80205@FreeBSD.org> <53783333.3010205@freebsd.org> <F061517D-0A79-4734-A032-1F2BE060C8F6@dataix.net> <CAC%2BJH2xDM2u97Oa1YsG78x_6xdzTpBS-QD-cSfaWSKkKBU8GDg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Alex, Bill, it's a good news, glad to hear it.
Let me ask even more functionality:
6. Test if entry exist in table:
ipfw table <id> test <item>
It extremely useful in case of big, unordered data in the table - for
example different networks with different mask. Now it's almost
impossible to find out is checked IP occurs in the table or not.
7. Are the any reason to keep use numbers only as table names? The more
tables uses, the harder to distinct tables in quick look at rules. Compare:
ipfw add [line] allow icmp from "table(1)" to "table(2)"
and something like
ipfw add [line] allow icmp from "table(trusted)" to "table(backbone)"
Any comments are welcome.
19.05.2014 11:51, Bill Yuan пишет:
> Hi Alex,
>
> You guys are chatting here! I agree with you, the table is the place
> should be enhanced, and I am working in this way as described below
>
> 1. Support more types.
> ip : cidr
> ipv4 : same as ip
> ipv6 : ip addr v6
> mac : mac address
> iface : interface name
> interface : same as iface
> port : it is Alex's idea, I dont know how it works.
>
> 2. Setup the table type
> ipfw table <id> type <type>
> it will setup the type of the table, and flush the table
>
> 3. Get table type
> ipfw table <id> type show
>
> 4. Add item into the table
> ipfw table <id> add <item>
>
> a. get the type of table <id>
> b. if the type is not defined yet, that also means the table is new or
> empty,
> then guess the type based on the <item>
> c. format the <item> and insert into the table.
>
> In this way so call "back compatible"
>
> 5. how to use table
>
> case 1
> ipfw add [line] allow icmp from "table(1)" to "table(2)"
> in the ipfw userland command, it should check the table1 and table 2
> should be ipv4 or ipv6 type
>
> case 2
> ipfw add allow icmp from any to any MAC "table(3)" "table(4)"
> in this case, the table(3) and table(4) should be a table of MAC
> addresses.
>
> case 3
> ipfw add allow icmp from any to any via table(5)
> in this case, the table 5 should be table of interface names.
>
--
Best regards,
Dennis Yusupoff,
network engineer of
Smart-Telecom ISP
Russia, Saint-Petersburg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5379C6B6.4030105>