From: Dmitry Sergienko
Organization: Trifle Co., Ltd.
Date: Mon, 17 May 2004 16:42:05 +0300
To: ipfw@freebsd.org
Subject: ipfw prefix-list support request
Message-ID: <40A8C12D.5040906@email.dp.ua>
List-Id: IPFW Technical Discussions

Hi!

I'm thinking about external prefix-lists in ipfw. This is like prefix-lists in Cisco IOS or tables in OpenBSD pf.

In my opinion it will be very convenient to do the following:

# use prefix-list
ipfw add 100 allow ip from prefix-list goodcustomers to any

// add prefixes to prefix-list
#ipfw prefix-list goodcustomers add 10.0.0.0/24
ipfw prefix-list goodcustomers add 10.0.1.0/30
ipfw prefix-list goodcustomers add 10.0.1.5

// list prefixes in prefix-list
#ipfw prefix-list goodcustomers list
10.0.0.0/24 (5 matches)
10.0.1.0/24

// clear counters in prefix-list
#ipfw prefix-list goodcustomers zero

// show all available prefix-lists
#ipfw prefix-list show
good-customers

// delete items from prefix-list
#ipfw prefix-list goodcustomers delete 10.0.0.0/24

// delete all items from prefix-list
#ipfw prefix-list goodcustomers flush

The main advantage is to maintain the list of prefixes separately from the rule, without tweaking the rule. The current syntax in ipfw2 doesn't allow this (or have I missed something?).

Please tell me your opinion about this feature: will it really be useful, and not only for me? If so, we will try to implement this.

-- 
Best wishes,
Dmitry Sergienko (SDA104-RIPE)
Trifle Co., Ltd.
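
A user-space model of the semantics requested above (add, delete, zero, flush, and a counted lookup on the rule side), added here as an illustration; it is not code from the original message or from ipfw. The pl_* names, PL_MAX and the choice of longest-prefix matching are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#define PL_MAX 64 /* constructed limit for this sketch */
struct pl_entry { uint32_t net, mask; unsigned len; unsigned long matches; };
struct prefix_list { struct pl_entry e[PL_MAX]; int n; };

/* Parse "a.b.c.d" or "a.b.c.d/len" (bare address = /32); 0 on success. */
static int pl_parse(const char *s, struct pl_entry *out) {
    unsigned a, b, c, d, len = 32;
    int n = 0, m = 0;
    if (sscanf(s, "%u.%u.%u.%u%n", &a, &b, &c, &d, &n) != 4) return -1;
    if (s[n] == '/' && (sscanf(s + n + 1, "%u%n", &len, &m) != 1 || s[n + 1 + m])) return -1;
    if (s[n] && s[n] != '/') return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255 || len > 32) return -1;
    uint32_t mask = len ? 0xffffffffu << (32 - len) : 0;
    /* Host bits are cleared so 10.0.1.5/24 and 10.0.1.0/24 name one prefix. */
    *out = (struct pl_entry){ ((a << 24) | (b << 16) | (c << 8) | d) & mask, mask, len, 0 };
    return 0;
}

/* Index of the entry with exactly this prefix, or -1. */
static int pl_find(const struct prefix_list *pl, const struct pl_entry *k) {
    for (int i = 0; i < pl->n; i++)
        if (pl->e[i].net == k->net && pl->e[i].len == k->len) return i;
    return -1;
}
int pl_add(struct prefix_list *pl, const char *s) {    /* "add": rejects bad input, duplicates */
    struct pl_entry k;
    if (pl_parse(s, &k) || pl->n == PL_MAX || pl_find(pl, &k) >= 0) return -1;
    pl->e[pl->n++] = k;
    return 0;
}
int pl_delete(struct prefix_list *pl, const char *s) { /* "delete": exact prefix only */
    struct pl_entry k; int i;
    if (pl_parse(s, &k) || (i = pl_find(pl, &k)) < 0) return -1;
    pl->e[i] = pl->e[--pl->n];  /* entry order is not significant */
    return 0;
}
/* Rule-side lookup: longest matching prefix for a source address, counted. */
struct pl_entry *pl_match(struct prefix_list *pl, const char *addr) {
    struct pl_entry k, *best = NULL;
    if (pl_parse(addr, &k) || k.len != 32) return NULL;
    for (int i = 0; i < pl->n; i++)
        if ((k.net & pl->e[i].mask) == pl->e[i].net && (!best || pl->e[i].len > best->len))
            best = &pl->e[i];
    if (best) best->matches++;
    return best;
}
void pl_zero(struct prefix_list *pl) { for (int i = 0; i < pl->n; i++) pl->e[i].matches = 0; } /* "zero" */
void pl_flush(struct prefix_list *pl) { pl->n = 0; }                                           /* "flush" */
```

The rule only ever calls pl_match(); every change to the list goes through the other functions, which is the separation the message asks for.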