Date: Fri, 3 May 2013 13:35:00 -0700
From: Freddie Cash <fjwcash@gmail.com>
To: Michael Sierchio <kudzu@tenebras.com>
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject: Re: IPFW Table Size
Message-ID: <CAOjFWZ4nr8X76wPn5GiyR5LBhcunKX1u78cRJxTxbymjeyfB2Q@mail.gmail.com>
In-Reply-To: <CAHu1Y71m5iawXftKA6GyDk=OLhyAfW26BETYgCMVZV1k499rBQ@mail.gmail.com>
References: <CAKOsuLqQep1ZuFXp%2BpGrGzO_PiAa_ZM9zkrcY%2BwtnpSmkVeMqA@mail.gmail.com>
 <CAHu1Y717ec7=x3g1Gdv4q4qfyx0141msFVQVDSPoE-2ehC-hng@mail.gmail.com>
 <CAOjFWZ6VrRNqiFyz5%2BJj60jE-QX8ztLE=AuMpz0yijkGcRdY_g@mail.gmail.com>
 <CAHu1Y71m5iawXftKA6GyDk=OLhyAfW26BETYgCMVZV1k499rBQ@mail.gmail.com>

On Fri, May 3, 2013 at 1:13 PM, Michael Sierchio <kudzu@tenebras.com> wrote:

> The syntax is described in the man page, but there are no examples. My
> example works ;-)
>

Yes, I know it's in the man page, but the description is beyond vague, and
there are no usage examples, nor comparisons to the "normal" table(number)
syntax. Hence my questions. :)

> The first entry is a network, which might have a /32, in which case it's a
> single IP addr.
>
> >
> > What's the difference between:
> >
> > ipfw add 05000 skipto tablearg ip from any to me in recv $if_wan lookup
> > src-ip $table_number
> >
> > ipfw add 05000 skipto tablearge ip from table\($table_number\) to my in
> > recv $if_wan
>

So, the difference would be that you can use table(number) anywhere you can
use an IP, but "lookup" syntax goes at the end of a rule and the result of
the lookup is then put into the normal rule in the field specified?

Meaning, the two examples above are identical (minus my just-noticed typos)?

Basically, the "lookup" syntax is a way of doing variable expansion in the
normal rule syntax.

1. Do the lookup, get a result
2. Replace <field> in main rule with result from lookup
3. Evaluate the rule and compare the packet to it.

Interesting. This would clean up the syntax of my rules-creation scripts and
make it easier to manually type rules at the CLI.

Anyone feel like updating the man page to make the syntax easier to
understand, and to provide some usage examples? ;)

-- 
Freddie Cash
fjwcash@gmail.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOjFWZ4nr8X76wPn5GiyR5LBhcunKX1u78cRJxTxbymjeyfB2Q>
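
An added example, not part of the original message and not ipfw's own code: a small Python model of the two rule forms quoted in the message, assuming (per ipfw(8)) that a table lookup returns the most specific matching entry and that a match sets tablearg to that entry's value. The table contents, the interface name and the packet fields are constructed for illustration, and the second quoted rule is read as `tablearg` and `me`.

```python
import ipaddress

IF_WAN = "em0"  # hypothetical stand-in for $if_wan

# Constructed table: prefix -> value (used as the "skipto tablearg" target).
TABLE = {
    "192.0.2.0/24": 6000,
    "192.0.2.7/32": 7000,   # a /32 entry is a single IP address
    "198.51.100.0/24": 8000,
}

def table_lookup(table, addr):
    """Most specific matching entry wins; None means no entry matched."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p).prefixlen, v)
            for p, v in table.items() if ip in ipaddress.ip_network(p)]
    return max(hits)[1] if hits else None

def common_match(pkt):
    """'to me in recv $if_wan', shared by both rule forms."""
    return pkt["to_me"] and pkt["dir"] == "in" and pkt["recv"] == IF_WAN

def rule_lookup_form(pkt, table=TABLE):
    """skipto tablearg ip from any to me in recv $if_wan lookup src-ip N"""
    if not common_match(pkt):
        return None
    return table_lookup(table, pkt["src"])   # None: option fails, rule skipped

def rule_table_form(pkt, table=TABLE):
    """skipto tablearg ip from table(N) to me in recv $if_wan"""
    target = table_lookup(table, pkt["src"])  # source address must be in table
    if target is None or not common_match(pkt):
        return None
    return target

def packet(src, recv=IF_WAN, direction="in", to_me=True):
    return {"src": src, "recv": recv, "dir": direction, "to_me": to_me}

# Constructed packets: host entry, covering /24, unlisted source, wrong interface.
SAMPLES = [packet("192.0.2.7"), packet("192.0.2.9"),
           packet("203.0.113.5"), packet("198.51.100.1", recv="em1")]

def compare(samples=SAMPLES):
    """Skipto target per packet under each form (None = rule did not match)."""
    return [(p["src"], rule_lookup_form(p), rule_table_form(p)) for p in samples]

if __name__ == "__main__":
    for src, a, b in compare():
        print(f"{src:15} lookup-form={a} table-form={b}")
```

In this model both forms select the same packets and the same skipto target; the table value is not substituted into the rule text, it only becomes the tablearg used by the action.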