Re: IPFW Table Size

2013-05-03 Thread Freddie Cash
On Fri, May 3, 2013 at 1:13 PM, Michael Sierchio wrote:
> The syntax is described in the man page, but there are no examples. My
> example works ;-)
>

Yes, I know it's in the man page, but the description is beyond vague, and there are no usage examples, nor comparisons to the "normal" table(n

Re: IPFW Table Size

2013-05-03 Thread Michael Sierchio
Oh, it's not a bad idea to have different tables for different purposes - a whitelist and a blacklist, for example.

The syntax I'd use in your example is

ipfw add 05000 deny log ip from table\(2\) to any

and probably

ipfw add 05000 deny log ip from table\(2\) to any in recv $interface

Re: IPFW Table Size

2013-05-03 Thread Michael Sierchio
The syntax is described in the man page, but there are no examples. My example works ;-)

The first entry is a network, which might have a /32, in which case it's a single IP addr.

On Fri, May 3, 2013 at 12:43 PM, Freddie Cash wrote:
>
> On Fri, May 3, 2013 at 12:33 PM, Michael Sierchio wrot

Re: IPFW Table Size

2013-05-03 Thread Korodev
> Better to have a single table - there's a min penalty for each lookup, +
> lg(n) or so.
>
> You can use the second parameter for interesting things, like a rule number
> to skipto
>
> E.g.
>
> ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup
> src-ip $table_number
>

Intere

Re: IPFW Table Size

2013-05-03 Thread Freddie Cash
On Fri, May 3, 2013 at 12:33 PM, Michael Sierchio wrote:
> Better to have a single table - there's a min penalty for each lookup, +
> lg(n) or so.
>
> You can use the second parameter for interesting things, like a rule number
> to skipto
>
> E.g.
>
> ipfw add 05000 skipto tablearg ip from any to

Re: IPFW Table Size

2013-05-03 Thread Michael Sierchio
Better to have a single table - there's a min penalty for each lookup, + lg(n) or so.

You can use the second parameter for interesting things, like a rule number to skipto

E.g.

ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup src-ip $table_number

- M

IPFW Table Size

2013-05-03 Thread Korodev
I currently have some firewall/routing devices running 8.2 and 9.1 with ipfw and I'm interested in blocking large groups of IP addresses. The man pages explain that the table lookup is implemented using a radix tree, but what I'm most interested in is the performance differences in using a single t