Date: Mon, 17 May 2004 16:42:05 +0300 From: Dmitry Sergienko <trooper+freebsd+ipfw@email.dp.ua> To: ipfw@freebsd.org Subject: ipfw prefix-list support request Message-ID: <40A8C12D.5040906@email.dp.ua>
next in thread | raw e-mail | index | archive | help
Hi! I'm thinking about external prefix-lists in ipfw. This is like prefix-lists in Cisco IOS or tables in OpenBSD pf. In my opinion it will be very convenient to do the following: # use prefix-list ipfw add 100 allow ip from prefix-list goodcustomers to any // add prefixes to prefix-list #ipfw prefix-list goodcustomers add 10.0.0.0/24 ipfw prefix-list goodcustomers add 10.0.1.0/30 ipfw prefix-list goodcustomers add 10.0.1.5 // list prefixes in prefix-list #ipfw prefix-list goodcustomers list 10.0.0.0/24 (5 matches) 10.0.1.0/24 // clear counters in prefix-list #ipfw prefix-list goodcustomers zero // show all available prefix-lists #ipfw prefix-list show good-customers // delete items from prefix-list #ipfw prefix-list goodcustomers delete 10.0.0.0/24 // delete all items from prefix-list #ipfw prefix-list goodcustomers flush The main advantage is to maintain list of prefixes separately from rule, without tweaking the rule. Current syntax in ipfw2 doesn't allow to do this (or have I missed something?). Please tell your opinion about this feature, is it really will be useful not only for me? If so, we will try to implement this. -- Best wishes, Dmitry Sergienko (SDA104-RIPE) Trifle Co., Ltd.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40A8C12D.5040906>