> Better to have a single table - there's a min penalty for each lookup, +
> lg(n) or so.
>
> You can use the second parameter for interesting things, like a rule number
> to skipto
>
> E.g.
>
> ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number

Interesting. I've never seen that syntax before. I'm currently using a simple rule like this:

    ipfw add 05000 deny log ip from any to any src-ip table(2)

Is there any reason I should avoid doing it this way?

I should also note, I'm running ipfw inline (using if_bridge), and I'm easily looking at several thousand addresses in the table. Is there any known limitation on the number of entries in a table I should be aware of? It sounds like I'll be fine with dumping all addresses in a single table.

\\korodev
