Date:      Mon, 17 May 2004 14:14:16 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Dmitry Sergienko <trooper+freebsd+ipfw@email.dp.ua>
Cc:        ipfw@freebsd.org
Subject:   Re: ipfw prefix-list support request
Message-ID:  <Pine.BSF.4.53.0405171400530.27806@e0-0.zab2.int.zabbadoz.net>
In-Reply-To: <40A8C12D.5040906@email.dp.ua>
References:  <40A8C12D.5040906@email.dp.ua>

On Mon, 17 May 2004, Dmitry Sergienko wrote:

> I'm thinking about external prefix-lists in ipfw. This is like
> prefix-lists in Cisco IOS or tables in OpenBSD pf.
> In my opinion it will be very convenient to do the following:

Also sounds like chains?

...
> The main advantage is to maintain list of prefixes separately from
> rule, without tweaking the rule.
> Current syntax in ipfw2 doesn't allow to do this (or have I missed
> something?).
>
> Please tell your opinion about this feature, will it really be useful
> not only for me? If so, we will try to implement this.

Use ipfw -p

E.g. with m4 you can do

define(`goodcustomers',`{ 10.0.0.0/8 or 192.168.0.0/24 }')dnl
add permit ip from goodcustomers to goodcustomers

or something like that. Of course you do not need -p /usr/bin/m4
if you simply want to write

add permit ip from { 10.0.0.0/8 or 192.168.0.0/24 } to { 10.0.0.0/8 or 192.168.0.0/24 }

You might want to use Perl or something else to build up the list
if you prefer Cisco config style, but that's really a matter
of the preprocessor then.

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
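
The approach suggested in the message above (keep the prefix list apart from the rule and let an external tool build the or-block), as an added example that is not part of the original e-mail. It is written in POSIX sh rather than m4 or Perl; the function names and the sample list are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original message. Function names and the
# sample prefix list are constructed for illustration.

# valid_cidr: succeed only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    addr=${1%/*} len=${1#*/}
    case "$1" in */*) ;; *) return 1 ;; esac            # needs a slash
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs       # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# build_orblock: read one prefix per line on stdin ('#' starts a comment)
# and print an ipfw or-block. Fails on any malformed entry or an empty
# list, so a typo cannot silently change what the rule matches.
build_orblock() {
    list=
    while read -r entry rest || [ -n "$entry" ]; do
        case "$entry" in ''|'#'*) continue ;; esac
        case "$rest" in ''|'#'*) ;; *) echo "junk after $entry" >&2; return 1 ;; esac
        entry=${entry%%#*}
        valid_cidr "$entry" || { echo "bad prefix: $entry" >&2; return 1; }
        list="${list:+$list or }$entry"
    done
    [ -n "$list" ] || { echo "empty prefix list" >&2; return 1; }
    printf '{ %s }\n' "$list"
}

# emit_rule: print the rule from the message with the list substituted.
emit_rule() {
    block=$(build_orblock) || return 1
    printf 'add permit ip from %s to %s\n' "$block" "$block"
}

# Constructed sample; in practice the list lives in its own file.
SAMPLE='# good customers
10.0.0.0/8
192.168.0.0/24   # branch office
'
printf '%s' "$SAMPLE" | emit_rule
```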


