Date: Thu, 16 Apr 2009 21:41:31 +0300 From: KES <kes-kes@yandex.ru> To: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> Cc: freebsd-questions@freebsd.org Subject: Re[2]: IPFW missing feature Message-ID: <598016517.20090416214131@yandex.ru> In-Reply-To: <44eivsbxfc.fsf@lowell-desk.lan> References: <1873052356.20090416001047@yandex.ru> <44eivsbxfc.fsf@lowell-desk.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
Здравствуйте, Lowell.
Вы писали 16 апреля 2009 г., 15:22:31:
LG> KES <kes-kes@yandex.ru> writes:
>> The tablearg feature provides the ability to use a value, looked up in
>> the table, as the argument for a rule action, action parameter or rule
>> option. This can significantly reduce number of rules in some configura-
>> tions. If two tables are used in a rule, the result of the second (des-
>> tination) is used. The tablearg argument can be used with the following
>> actions: nat, pipe, queue, divert, tee, netgraph, ngtee, fwd, skipto
>> action parameters: tag, untag, rule options: limit, tagged.
>>
>>
>> Why tablearg cannot be used with setfib?
LG> Because tables are a feature of IPFW, and the FIB isn't.
setfib is also feature of ipfw. see man:
setfib fibnum
The packet is tagged so as to use the FIB (routing table) fibnum
in any subsequent forwarding decisions. Initially this is limited
to the values 0 through 15. See setfib(8). Processing continues
at the next rule.
There is no any difficulties to use 'tablearg' as 'fibnum'
ipfw add 3 setfib 2 all from 192.168.0.0/16 to any in recv <IFACE>
ipfw add 3 setfib tablearg all from table(<X>) to any in recv <IFACE>
but now this is not mistake to write 'setfib tablearg'. IPFW just replace tablearg in rule with 0
It seems like a bug. because of it MUST work in proper way or DO NOT
work at all. IMHO
--
С уважением,
KES mailto:kes-kes@yandex.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?598016517.20090416214131>