From: Michael Sierchio
To: Andreas Nilsson
Cc: FreeBSD Net
Date: Tue, 4 Jun 2013 11:01:46 -0700
Subject: Re: ipfw and tablearg formatting

00100 allow ip from any to any via lo0
00500 allow ip from 204.15.2.33 to me in recv em1
00600 deny ip from 204.15.2.32/27 to any in recv em1
00610 deny udp from any 67,68 to any dst-port 67,68
00700 allow ip from me to any out xmit em1
01000 allow ip from any to me in recv em0
02000 allow ip from me to any out xmit em0
03000 deny ip from any to any via em0
04000 allow ip from 50.18.184.144 to any in recv em1
04500 allow ip from any to 50.18.184.144 out xmit em1
05000 skipto tablearg ip from any to me in recv em1 lookup src-ip 23
10000 deny log ip from any to any
10100 allow log ip from any to any
10200 allow log ip from any to any
10300 allow log ip from any to any
10400 allow log ip from any to any
10500 allow log ip from any to any
...
33000 allow log ip from any to any
33100 allow log ip from any to any
33200 allow log ip from any to any
33300 allow log ip from any to any
33400 allow log ip from any to any
33500 allow log ip from any to any
33600 allow log ip from any to any
33700 allow log ip from any to any
33800 allow log ip from any to any
33900 allow log ip from any to any
34000 allow log ip from any to any

There's a file that maps rule number to country code, and I use it to build the table

5.83.192.0/19 17500
5.83.224.0/21 26300
5.83.232.0/21 17300
5.83.240.0/20 19800
5.84.0.0/14 20600
5.88.0.0/13 20600
5.96.0.0/14 20600
5.100.0.0/18 15600
5.100.64.0/18 28600
5.100.128.0/20 15600
5.100.144.0/21 17300
5.100.152.0/21 33000
5.100.160.0/21 33700
5.100.168.0/21 28800
5.100.176.0/20 26300
5.100.192.0/19 13600

VU 33300
WF 33400
WS 33500
XA 33600
YE 33700
ZA 33800
ZM 33900
ZW 34000

XA is the extended bogons list.

- M
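
Added example, not part of the original message and not the poster's own script: one way to generate the table 23 entries from the country-code map and to check that every skipto target exists as a rule. The "CIDR CC" prefix-file format, the function names and the sample prefixes are assumptions made for illustration; only the "CC RULE" map lines come from the message.

```shell
#!/bin/sh
# build_table TABLE MAPFILE CIDRFILE
#   MAPFILE lines:  "CC RULE"  (the map format shown in the message, e.g. "YE 33700")
#   CIDRFILE lines: "CIDR CC"  (assumed format for the per-country prefix list)
# Prints one "ipfw table TABLE add CIDR RULE" command per prefix.
# Returns 1 if any prefix names a country that has no rule in the map.
build_table() {
    awk -v t="$1" '
        NR == FNR { rule[$1] = $2; next }   # first file: CC -> rule number
        !($2 in rule) { print "no rule for " $2 " (" $1 ")" > "/dev/stderr"; bad = 1; next }
        { print "ipfw table " t " add " $1 " " rule[$2] }
        END { exit bad }
    ' "$2" "$3"
}

# audit_targets MAPFILE RULESFILE
#   RULESFILE is "ipfw list" style output with the rule number in column 1.
# skipto N resumes at the first rule numbered N or higher, so a table value
# without a matching rule silently lands on the next rule in the set.
# Prints each "CC RULE" whose rule is missing; returns 1 if any were found.
audit_targets() {
    awk '
        NR == FNR { have[$1 + 0] = 1; next }   # first file: existing rule numbers
        { n = $2 + 0; if (!(n in have)) { print $1, $2; bad = 1 } }
        END { exit bad }
    ' "$2" "$1"
}

# Demo on constructed sample data (documentation prefixes, not real allocations).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'XA 33600' 'YE 33700' 'ZA 33800' > "$tmp/map"
printf '%s\n' '192.0.2.0/24 YE' '198.51.100.0/24 ZA' '203.0.113.0/24 XA' > "$tmp/cidr"
# Constructed rule listing; rule 33800 is deliberately left out.
printf '%s\n' '33600 allow log ip from any to any' \
              '33700 allow log ip from any to any' > "$tmp/rules"

build_table 23 "$tmp/map" "$tmp/cidr"
audit_targets "$tmp/map" "$tmp/rules" ||
    echo "table values above have no matching rule; fix before loading" >&2
```
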