On Mon, May 19, 2014 at 10:54 AM, Dennis Yusupoff <d...@smartspb.net> wrote:
> Alex, Bill, it's a good news, glad to hear it. > > Let me ask even more functionality: > > 6. Test if entry exist in table: > ipfw table <id> test <item> > It extremely useful in case of big, unordered data in the table - for > example different networks with different mask. Now it's almost > impossible to find out is checked IP occurs in the table or not. > So having 10.0.1.1/16 in table and looking for 10.0.240.15 would say in table? That would be nice. > > 7. Are the any reason to keep use numbers only as table names? The more > tables uses, the harder to distinct tables in quick look at rules. Compare: > ipfw add [line] allow icmp from "table(1)" to "table(2)" > and something like > ipfw add [line] allow icmp from "table(trusted)" to "table(backbone)" > > Any comments are welcome. > > If table can have names, the above would be really nice as well. /A > > 19.05.2014 11:51, Bill Yuan пишет: > > Hi Alex, > > > > You guys are chatting here! I agree with you, the table is the place > > should be enhanced, and I am working in this way as described below > > > > 1. Support more types. > > ip : cidr > > ipv4 : same as ip > > ipv6 : ip addr v6 > > mac : mac address > > iface : interface name > > interface : same as iface > > port : it is Alex's idea, I dont know how it works. > > > > 2. Setup the table type > > ipfw table <id> type <type> > > it will setup the type of the table, and flush the table > > > > 3. Get table type > > ipfw table <id> type show > > > > 4. Add item into the table > > ipfw table <id> add <item> > > > > a. get the type of table <id> > > b. if the type is not defined yet, that also means the table is new or > > empty, > > then guess the type based on the <item> > > c. format the <item> and insert into the table. > > > > In this way so call "back compatible" > > > > 5. how to use table > > > > case 1 > > ipfw add [line] allow icmp from "table(1)" to "table(2)" > > in the ipfw userland command, it should check the table1 and table 2 > > should be ipv4 or ipv6 type > > > > case 2 > > ipfw add allow icmp from any to any MAC "table(3)" "table(4)" > > in this case, the table(3) and table(4) should be a table of MAC > > addresses. > > > > case 3 > > ipfw add allow icmp from any to any via table(5) > > in this case, the table 5 should be table of interface names. > > > > -- > Best regards, > Dennis Yusupoff, > network engineer of > Smart-Telecom ISP > Russia, Saint-Petersburg > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
