Date: Tue, 4 Jun 2013 18:00:14 +0200 From: Andreas Nilsson <andrnils@gmail.com> To: Julian Elischer <julian@freebsd.org> Cc: FreeBSD Net <freebsd-net@freebsd.org>, Michael Sierchio <kudzu@tenebras.com> Subject: Re: ipfw and tablearg formatting Message-ID: <CAPS9%2BSuTLuVCP=dbnJGByxoc6aRtTRR=TU5NWC0xOUF_Pbp1mw@mail.gmail.com> In-Reply-To: <51ADF450.7010908@freebsd.org> References: <CAPS9%2BSu=uQG5-s7qmgeUSgnqJscyMhRqXuApo0mkV%2BqZWU8u0g@mail.gmail.com> <CAHu1Y73JbFFDFeX0q%2Bo1X_NK4hoqxg_qDL8E1E_wTdhBvbybeg@mail.gmail.com> <51ADF450.7010908@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 4, 2013 at 4:06 PM, Julian Elischer <julian@freebsd.org> wrote: > On 6/3/13 11:40 PM, Michael Sierchio wrote: > >> On Mon, Jun 3, 2013 at 4:43 AM, Andreas Nilsson <andrnils@gmail.com> >> wrote: >> >>> Hello, >>> >>> Still trying out the tablearg functionality of ipfw and found the >>> following: >>> >>> 1) >>> # ipfw table 100 add 192.168.0.0/24 10.0.0.1 >>> # ipfw table 100 list >>> 192.168.0.0/24 167772161 >>> >>> I guess it is correct, but not user friendly. Can't the tablearg part be >>> printed as normal dotted decimal? >>> >> No - it's an integer. The semantics of the table arg are up to you, >> but it could be a rule number, used in a computed go to, as in >> > > the only way to get this printed correctly would be for the printing > routines to > keep enough state about the rules using the table to be able to interpret > the tablearg according to how it was used. this would be a task that is way > more complicated than it is worth. > Fair point. Best regards Andreas > >> ipfw add 05000 skipto tablearg ip from any to me in recv em1 lookup >> src-ip 23 >> >> I use it to classify traffic based on country of origin. >> >> Another question: While using tablearg, is there a way to get statistics >>> of >>> each "individual" computed value instead of just the aggregate >>> statistics >>> for all rules "generated" by the tablearg rule? >>> >> you can log where the target rule is executed, or have a count rule. >> >> - M >> ______________________________**_________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/**mailman/listinfo/freebsd-net<http://lists.freebsd.org/mailman/listinfo/freebsd-net>; >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@**freebsd.org<freebsd-net-unsubscribe@freebsd.org> >> " >> >> >> >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPS9%2BSuTLuVCP=dbnJGByxoc6aRtTRR=TU5NWC0xOUF_Pbp1mw>