Date: Mon, 17 May 2004 14:14:16 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Dmitry Sergienko
cc: ipfw@freebsd.org
Subject: Re: ipfw prefix-list support request

On Mon, 17 May 2004, Dmitry Sergienko wrote:

> I'm thinking about external prefix-lists in ipfw. This is like
> prefix-lists in Cisco IOS or tables in OpenBSD pf.
> In my opinion it will be very convenient to do the following:

also sound like chains ?

...

> The main advantage is to maintain list of prefixes separately from
> rule, without tweaking the rule.
> Current syntax in ipfw2 doesn't allow to do this (or have I missed
> something?).
>
> Please tell your opinion about this feature, is it really will be useful
> not only for me? If so, we will try to implement this.

use ipfw -p

p.ex. with m4 you can do

    define(`goodcustomers',`{ 10.0.0.0/8 or 192.168.0.0/24 }')dnl
    add permit ip from goodcustomers to goodcustomers

or s.th. like that.

Of course you do not need -p /usr/bin/m4 if you simply want to write

    add permit ip from { 10.0.0.0/8 or 192.168.0.0/24 } to { 10.0.0.0/8 or 192.168.0.0/24 }

You might want to use perl or s.th. else to build up the list if you
prefer Cisco config style but that's really a matter of the
preprocessor then.

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
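
The preprocessor approach suggested in the message, as an added example that is not part of the original message or of ipfw: an sh/awk filter that reads a separately maintained prefix list, validates every entry, and prints the rule with the or-block expanded. The function names and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): a preprocessor in the spirit
# of "use perl or s.th. else to build up the list", written in sh + awk.

# prefix_set: read a prefix list on stdin (one IPv4 CIDR per line, "#" starts
# a comment) and print an ipfw2 or-block such as "{ a or b }".
# Fails without printing a block if a line is malformed or the list is empty,
# so a typo in the list can never turn into extra rule tokens.
prefix_set() {
    awk '
    function valid(p,    parts, oct, i) {
        if (p !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
        split(p, parts, "/")
        if (parts[2] + 0 > 32) return 0
        split(parts[1], oct, ".")
        for (i = 1; i <= 4; i++) if (oct[i] + 0 > 255) return 0
        return 1
    }
    {
        sub(/[#].*/, "")                # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")     # trim surrounding whitespace
        if ($0 == "") next
        if (!valid($0)) {
            printf "bad prefix on line %d: %s\n", NR, $0 > "/dev/stderr"
            bad = 1
            exit
        }
        out = out (n++ ? " or " : "") $0
    }
    END {
        if (bad || n == 0) exit 1
        print "{ " out " }"
    }'
}

# emit_rules: print the rule from the message with the list expanded inline.
emit_rules() {
    set_expr=$(prefix_set) || return 1
    printf 'add permit ip from %s to %s\n' "$set_expr" "$set_expr"
}

# Constructed sample list holding the two prefixes used in the message.
sample_list() {
    cat <<'EOF'
# goodcustomers
10.0.0.0/8
192.168.0.0/24   # trailing comments are allowed
EOF
}

sample_list | emit_rules
```

Because the filter exits non-zero on any malformed entry, a wrapper can refuse to reload the ruleset instead of loading a partial or altered rule.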