From owner-freebsd-net@FreeBSD.ORG Tue Jun 4 16:00:14 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id C5F9D3B1; Tue, 4 Jun 2013 16:00:14 +0000 (UTC) (envelope-from andrnils@gmail.com) Received: from mail-ob0-x22c.google.com (mail-ob0-x22c.google.com [IPv6:2607:f8b0:4003:c01::22c]) by mx1.freebsd.org (Postfix) with ESMTP id 892C51ABA; Tue, 4 Jun 2013 16:00:14 +0000 (UTC) Received: by mail-ob0-f172.google.com with SMTP id wo10so693880obc.17 for ; Tue, 04 Jun 2013 09:00:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=vsXpY6FY4S1jhZ0BsRTzXm548gxdEZfd/RDokSMXsoU=; b=iMiL4An6HYBefvn2tRuh+v3Zj44GoX8ooiWqNGRLbNTRbsrh6VOZrTXwEF3hpLZkfl ZpKY/6rBPo4JrV8eloTptdg6PSFJmilj6QPdcKa5QQeWTqMBPgmDShUxzl2kLe5JxMCp T3KTrW1U9p4UZRwjuwPdeCrI52vjEhJ0A6A4czz8Blwh4ktGLbDIMf+JKCJ0g8qN1dUk 1jxiYVZj8bb4grdTJHDXMcVeat1Ck/ahKKAJxObfSGnaPWUUM9jOZk9SVh8pIOsFWiM5 fodBv8bU4XokVozCm/UxoAVRdVgrwnzsW/KWjP4sw23BJje3+aHmfxHjE2mnUgmgD7Be eVnA== MIME-Version: 1.0 X-Received: by 10.60.133.109 with SMTP id pb13mr5517399oeb.26.1370361614157; Tue, 04 Jun 2013 09:00:14 -0700 (PDT) Received: by 10.76.12.200 with HTTP; Tue, 4 Jun 2013 09:00:14 -0700 (PDT) In-Reply-To: <51ADF450.7010908@freebsd.org> References: <51ADF450.7010908@freebsd.org> Date: Tue, 4 Jun 2013 18:00:14 +0200 Message-ID: Subject: Re: ipfw and tablearg formatting From: Andreas Nilsson To: Julian Elischer Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: FreeBSD Net , Michael Sierchio X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Jun 2013 16:00:14 -0000 On Tue, Jun 4, 2013 at 4:06 PM, Julian Elischer wrote: > On 6/3/13 11:40 PM, Michael Sierchio wrote: > >> On Mon, Jun 3, 2013 at 4:43 AM, Andreas Nilsson >> wrote: >> >>> Hello, >>> >>> Still trying out the tablearg functionality of ipfw and found the >>> following: >>> >>> 1) >>> # ipfw table 100 add 192.168.0.0/24 10.0.0.1 >>> # ipfw table 100 list >>> 192.168.0.0/24 167772161 >>> >>> I guess it is correct, but not user friendly. Can't the tablearg part be >>> printed as normal dotted decimal? >>> >> No - it's an integer. The semantics of the table arg are up to you, >> but it could be a rule number, used in a computed go to, as in >> > > the only way to get this printed correctly would be for the printing > routines to > keep enough state about the rules using the table to be able to interpret > the tablearg according to how it was used. this would be a task that is way > more complicated than it is worth. > Fair point. Best regards Andreas > >> ipfw add 05000 skipto tablearg ip from any to me in recv em1 lookup >> src-ip 23 >> >> I use it to classify traffic based on country of origin. >> >> Another question: While using tablearg, is there a way to get statistics >>> of >>> each "individual" computed value instead of just the aggregate >>> statistics >>> for all rules "generated" by the tablearg rule? >>> >> you can log where the target rule is executed, or have a count rule. >> >> - M >> ______________________________**_________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/**mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@**freebsd.org >> " >> >> >> >