From: Andreas Nilsson
To: FreeBSD Net
Date: Thu, 30 May 2013 09:07:24 +0200
Subject: IPFW tablearg questions
List-Id: Networking and TCP/IP with FreeBSD

Hello,

I started to test some more features of IPFW, namely skipto and fwd, both
in conjunction with tablearg.

The question: Why can't you add a skipto to the default rule (65535)?

I also consider using tablearg with divert, but the manpage is contradicting
itself in regards to divert with tablearg:

"
    divert port
        Divert packets that match this rule to the divert(4) socket
        bound to port port. The search terminates."

vs

"The tablearg argument can be used with the following actions: nat, pipe,
queue, divert, tee, netgraph, ngtee, fwd, skipto, setfib, action
parameters: tag, untag, rule options: limit, tagged."

Also, in the EXAMPLES section one can find:

"
    In the following example per-interface firewall is created:

        ipfw table 10 add vlan20 12000
        ipfw table 10 add vlan30 13000
        ipfw table 20 add vlan20 22000
        ipfw table 20 add vlan30 23000
        ..
        ipfw add 100 ipfw skipto tablearg ip from any to any recv 'table(10)' in
        ipfw add 200 ipfw skipto tablearg ip from any to any xmit 'table(10)' out
"

where ipfw add 100 ipfw skipto seems wrong...

Best regards
Andreas Nilsson