From owner-freebsd-questions@FreeBSD.ORG Thu Apr 16 18:41:38 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 947E2106567B for ; Thu, 16 Apr 2009 18:41:38 +0000 (UTC) (envelope-from kes-kes@yandex.ru) Received: from forwards7.yandex.ru (forwards7.yandex.ru [77.88.61.48]) by mx1.freebsd.org (Postfix) with ESMTP id 0D8598FC13 for ; Thu, 16 Apr 2009 18:41:37 +0000 (UTC) (envelope-from kes-kes@yandex.ru) Received: from smtp16.yandex.ru (smtp16.yandex.ru [77.88.61.56]) by forwards7.yandex.ru (Yandex) with ESMTP id AB9E2151116; Thu, 16 Apr 2009 22:41:36 +0400 (MSD) Received: from [193.41.172.38] ([193.41.172.38]:8694 "EHLO HOMEUSER" smtp-auth: "kes-kes" TLS-CIPHER: TLS-PEER-CN1: ) by mail.yandex.ru with ESMTP id S12992622AbZDPSlb (ORCPT + 1 other); Thu, 16 Apr 2009 22:41:31 +0400 X-Yandex-TimeMark: 1239907291 X-Yandex-Spam: 1 X-Yandex-Front: smtp16 X-BornDate: 1149541200 X-Yandex-Karma: 0 X-Yandex-KarmaStatus: 0 X-MsgDayCount: 7 X-Comment: RFC 2476 MSA function at smtp16.yandex.ru logged sender identity as: kes-kes X-Nat-Received: from [192.168.9.80]:1130 [ident-empty] by SPAM FILTER: with TPROXY id 1239907316.9183 abuse-to kes-kes@yandex.ru Date: Thu, 16 Apr 2009 21:41:31 +0300 From: KES X-Mailer: The Bat! (v4.0.24) Professional Organization: SaftTen X-Priority: 3 (Normal) Message-ID: <598016517.20090416214131@yandex.ru> To: Lowell Gilbert In-Reply-To: <44eivsbxfc.fsf@lowell-desk.lan> References: <1873052356.20090416001047@yandex.ru> <44eivsbxfc.fsf@lowell-desk.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org Subject: Re[2]: IPFW missing feature X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: KES List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Apr 2009 18:41:39 -0000 Здравствуйте, Lowell. Вы писали 16 апреля 2009 г., 15:22:31: LG> KES writes: >> The tablearg feature provides the ability to use a value, looked up in >> the table, as the argument for a rule action, action parameter or rule >> option. This can significantly reduce number of rules in some configura- >> tions. If two tables are used in a rule, the result of the second (des- >> tination) is used. The tablearg argument can be used with the following >> actions: nat, pipe, queue, divert, tee, netgraph, ngtee, fwd, skipto >> action parameters: tag, untag, rule options: limit, tagged. >> >> >> Why tablearg cannot be used with setfib? LG> Because tables are a feature of IPFW, and the FIB isn't. setfib is also feature of ipfw. see man: setfib fibnum The packet is tagged so as to use the FIB (routing table) fibnum in any subsequent forwarding decisions. Initially this is limited to the values 0 through 15. See setfib(8). Processing continues at the next rule. There is no any difficulties to use 'tablearg' as 'fibnum' ipfw add 3 setfib 2 all from 192.168.0.0/16 to any in recv ipfw add 3 setfib tablearg all from table() to any in recv but now this is not mistake to write 'setfib tablearg'. IPFW just replace tablearg in rule with 0 It seems like a bug. because of it MUST work in proper way or DO NOT work at all. IMHO -- С уважением, KES mailto:kes-kes@yandex.ru