From: Thomas Wolf
To: NetAdmin, freebsd-ipfw@freebsd.org
Date: Tue, 23 Nov 2004 22:29:07 -0000
Subject: Re: IPFW2 tables
Message-ID: <20041123232907.gkw44hr838gk48@.mailhost.wsf.at>

NetAdmin wrote:
> > > Set rule as; *Note: found there was a problem using table (1)
> > > {fwcmd} add 300 deny ip from table '1' to me
> >
> > The correct syntax that should work under any shell should be
> > {fwcmd} add 300 deny ip from table\(1\) to me
> > or
> > {fwcmd} add 300 deny ip from "table(1)" to me
> >
>
> Great! That worked. Thanks. Now, is there a page I can refer to for
> other commands and syntax like adding multiple ports?

'man 8 ipfw' is still the best reference for commands and syntax (IMHO).

> I tried the following and assume it works.
>
> ${fwcmd} add 301 deny all from "table(2)" to me 20-25,110,113,143
>
> # ipfw show
> 00301 0 0 deny ip from table(2) to me dst-port 20-25,110,113,143

That looks ok. Although I would 'unreach host' or 'reset' packets to ident (port 113). 'Dropping' them just gets you delays when querying mailservers and other services.

Thomas

-- 
Thomas Wolf
Wiener Software Fabrik
Dubas u. Wolf GMBH
1050 Wien, Mittersteig 4
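
The two points from this message (quote `table(N)` so the shell passes it through, and answer ident with a reset instead of dropping it) as a dry-run script. This is an added example, not part of the original message: the table contents and the use of rule number 300 for the reset rule are assumptions, and `fwcmd` defaults to `echo ipfw` so the commands are only printed.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: the commands are
# printed, not executed. Set fwcmd=/sbin/ipfw on a FreeBSD host to apply them.
fwcmd="${fwcmd:-echo ipfw}"

# Constructed sample data: table number and documentation-range addresses.
BLOCK_TABLE=2
BLOCK_NETS="192.0.2.0/24 198.51.100.7"

# Unquoted parentheses are shell syntax, so the shell rejects the line
# before ipfw ever sees it. Returns 0 when the unquoted form fails to parse.
unquoted_is_rejected() {
    ! sh -c 'echo add 300 deny ip from table(1) to me' >/dev/null 2>&1
}

load_table() {
    for net in $BLOCK_NETS; do
        ${fwcmd} table ${BLOCK_TABLE} add "${net}"
    done
}

load_rules() {
    # ipfw stops at the first matching rule, so the ident rule needs a lower
    # number than the deny. 'reset' sends a TCP RST, which lets the remote
    # mail server give up on its ident query at once instead of timing out.
    ${fwcmd} add 300 reset tcp from "table(${BLOCK_TABLE})" to me 113
    # The port list from the thread; TCP 113 never reaches this rule.
    ${fwcmd} add 301 deny all from "table(${BLOCK_TABLE})" to me 20-25,110,113,143
}

if unquoted_is_rejected; then
    echo "# unquoted table(1) is a shell syntax error; quoted form is used below"
fi
load_table
load_rules
```
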