From owner-freebsd-ipfw@FreeBSD.ORG  Fri May  3 20:16:01 2013
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 9C092450
 for <freebsd-ipfw@freebsd.org>; Fri,  3 May 2013 20:16:01 +0000 (UTC)
 (envelope-from kudzu@tenebras.com)
Received: from mail-ob0-x236.google.com (mail-ob0-x236.google.com
 [IPv6:2607:f8b0:4003:c01::236])
 by mx1.freebsd.org (Postfix) with ESMTP id 69A6011A2
 for <freebsd-ipfw@freebsd.org>; Fri,  3 May 2013 20:16:01 +0000 (UTC)
Received: by mail-ob0-f182.google.com with SMTP id eh20so1726740obb.41
 for <freebsd-ipfw@freebsd.org>; Fri, 03 May 2013 13:16:01 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=mime-version:x-received:in-reply-to:references:date:message-id
 :subject:from:to:cc:content-type:x-gm-message-state;
 bh=8VE9ha3vdUwBuWxcwT57PZ3YQgTKj87fEjtIK/jO/uU=;
 b=GDEpyE5gQe+629z83EKHkbPiTRoFJeqA3r2fVsRSGaN3I1+AmQ05zif+aVsoWdypXa
 7rSJVUfiAeX+ldEHrb91v1QgZlehWVii0F/EA6n0I4PHwlNBb8u1rHwp4Nysm0h1N+9o
 ni5rGS7JbveH9t7KNtNFuI/mEUhTVDPAqfs3kC1ISnjclat/KNJ/jinFDnwEEEP0x+BI
 cQVnrP1Ht6bPneYQLKTH8nlVLucKmUp5dKntm09GBehDl5TbFVXarF9t7HUCI2dEJ/6D
 pCWWkBD15tgYYPSlzVfWZeuDgKmg6v7APssNY/67t9daROiSIxrkzvz00dWBuEQYQdCz
 7PBw==
MIME-Version: 1.0
X-Received: by 10.182.80.35 with SMTP id o3mr3398914obx.13.1367612161039; Fri,
 03 May 2013 13:16:01 -0700 (PDT)
Received: by 10.60.140.229 with HTTP; Fri, 3 May 2013 13:16:00 -0700 (PDT)
In-Reply-To: <CAKOsuLr-AayiTOYoiyx5sSH_bbwkMoDpFsbWM9jPeyk-QLvkog@mail.gmail.com>
References: <CAKOsuLqQep1ZuFXp+pGrGzO_PiAa_ZM9zkrcY+wtnpSmkVeMqA@mail.gmail.com>
 <CAHu1Y717ec7=x3g1Gdv4q4qfyx0141msFVQVDSPoE-2ehC-hng@mail.gmail.com>
 <CAKOsuLr-AayiTOYoiyx5sSH_bbwkMoDpFsbWM9jPeyk-QLvkog@mail.gmail.com>
Date: Fri, 3 May 2013 13:16:00 -0700
Message-ID: <CAHu1Y72n6Wuz0Z6ivPuONPGpTfvMaNxFJG98N0aiASjO=U8tEw@mail.gmail.com>
Subject: Re: IPFW Table Size
From: Michael Sierchio <kudzu@tenebras.com>
To: Korodev <korodev@gmail.com>
X-Gm-Message-State: ALoCoQkvCNanzrcYrv5pLDHL5hUdbNOOde/UT87BzWWEeTnJXL2XimJpqFvIWsy1J8l9x/0BFQoR
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2013 20:16:01 -0000

Oh, it's not a bad idea to have different tables for different purposes - a
whitelist and a blacklist, for example.  The syntax I'd use in your example
is

ipfw add 05000 deny log ip from table\(2\) to any

and probably

ipfw add 05000 deny log ip from table\(2\) to any in recv $interface