Date: Thu, 30 May 2013 06:01:44 -0500
From: "Paul A. Procacci" <pprocacci@datapipe.com>
To: Andreas Nilsson <andrnils@gmail.com>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: IPFW tablearg questions
Message-ID: <20130530110144.GC97854@nat.myhome>
In-Reply-To: <CAPS9%2BSueiESR7bTr5amQ4k_36h=j6-BAnBQ00TZA=CA3PC28eQ@mail.gmail.com>
References: <CAPS9%2BSueiESR7bTr5amQ4k_36h=j6-BAnBQ00TZA=CA3PC28eQ@mail.gmail.com>

> The question:
> Why can't you add a skipto to the default rule (65535)?

http://lists.freebsd.org/pipermail/freebsd-ipfw/2007-June/003067.html

> I also consider using tablearg with divert, but manpage is contradicting
> itself in regards to divert with tablearg:
> "     divert port
>              Divert packets that match this rule to the divert(4) socket bound
>              to port port.  The search terminates."
> vs
>
> "The tablearg argument can be used with the following
> actions: nat, pipe, queue, divert, tee, netgraph, ngtee, fwd, skipto,
> setfib, action parameters: tag, untag, rule options: limit, tagged."
>
> Also, in the EXAMPLES section one can find:
>
> "     In the following example per-interface firewall is created:
>
>            ipfw table 10 add vlan20 12000
>            ipfw table 10 add vlan30 13000
>            ipfw table 20 add vlan20 22000
>            ipfw table 20 add vlan30 23000
>            ..
>            ipfw add 100 ipfw skipto tablearg ip from any to any recv 'table(10)' in
>            ipfw add 200 ipfw skipto tablearg ip from any to any xmit 'table(10)' out
> "
> where ipfw add 100 ipfw skipto seems wrong...

I'm not sure where the contradiction is.  Have you tried something like the
following as an example?  I'm not sure the below works, but in my mind it does. ;)

#############################################
ipfw table 10 add 129.168.0.0/24 1234
ipfw table 10 add 10.5.21.0/24 5678

ipfw add 100 divert tablearg ip from table(10) to any
#############################################

Perhaps knowing what it is you are trying to accomplish would lead to a more
concrete answer.

~Paul

________________________________

This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.
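
A small Python model of how the rule in the reply above would resolve tablearg, added here as an illustration; it is not part of the original message and is not ipfw code. It assumes ipfw's table semantics (longest-prefix match on the source address, with the matched entry's value substituted for tablearg); the class and function names and the 10.5.21.128/25 entry are constructed for the example.

```python
import ipaddress


class IpfwTable:
    """Model of an ipfw address table: CIDR prefix -> 32-bit value (hypothetical class)."""

    def __init__(self):
        self._entries = {}

    def add(self, prefix, value):
        # Table values are unsigned 32-bit integers.
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError("table value must fit in 32 bits")
        self._entries[ipaddress.ip_network(prefix)] = value

    def lookup(self, addr):
        """Return the value of the longest matching prefix, or None if no entry matches."""
        ip = ipaddress.ip_address(addr)
        matches = [n for n in self._entries
                   if n.version == ip.version and ip in n]
        if not matches:
            return None
        return self._entries[max(matches, key=lambda n: n.prefixlen)]


def divert_tablearg(table, src):
    """Model of 'divert tablearg ip from table(N) to any'.

    Returns the divert port taken from the matching table entry, or None
    when the source is not in the table, i.e. the rule does not match and
    evaluation moves on to the next rule.
    """
    return table.lookup(src)


# The two entries from the reply above.
table10 = IpfwTable()
table10.add("129.168.0.0/24", 1234)
table10.add("10.5.21.0/24", 5678)
# Constructed entry: a more specific prefix overrides the /24 for its range.
table10.add("10.5.21.128/25", 9999)

if __name__ == "__main__":
    for src in ("129.168.0.200", "10.5.21.7", "10.5.21.200", "192.168.0.1"):
        print(src, "->", divert_tablearg(table10, src))
```

One rule therefore serves any number of divert ports: changing which socket receives a network's traffic means editing a table entry, not the ruleset.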