On Fri, May 3, 2013 at 12:33 PM, Michael Sierchio <ku...@tenebras.com>wrote:
> Better to have a single table - there's a min penalty for each lookup, + > lg(n) or so. > > You can use the second parameter for interesting things, like a rule number > to skipto > > E.g. > > ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup > src-ip $table_number > First time I've seen the "lookup" syntax. There's next to no information on it in the ipfw man page, and the info there doesn't really make it clear how to use it. Can "lookup" syntax be used as an alternative to "table($number)" syntax (which is a pain to enter on command-lines)? Or are they completely separate? Can the same table be used for both styles of lookups? >From what I can tell, a table can only have 2 items per entry: IP and a number (the tablearg). So where is the "lookup" getting src-ip/dest-ip/etc from? What's the difference between: ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number ipfw add 05000 skipto tablearge ip from table\($table_number\) to my in recv $if_wan -- Freddie Cash fjwc...@gmail.com _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
