From: NetAdmin
To: freebsd-ipfw@freebsd.org
Subject: Re: IPFW2 tables
Date: Tue, 23 Nov 2004 17:05:29 -0500
Message-Id: <1101247529.22644.52.camel@foxdaemon.com>

On Tue, 2004-11-23 at 21:32 +0000, Thomas Wolf wrote:
> NetAdmin wrote:
>
> > I just found out about tables. I've been trying to google for correct
> > syntax but as yet have not been able to find anything. Can anyone
> > direct me to a good howto for setting up IPFW tables? Using 5.3
> > Release.
> >
> > did the following;
> >
> > # ipfw table 1 add 0.0.0.0/8
> >
> > shows
> > # ipfw table 1 list
> > 0.0.0.0/8 0
> >
> > Set rule as; *Note: found there was a problem using table (1)
> > {fwcmd} add 300 deny ip from table '1' to me
>
> The correct syntax that should work under any shell should be
> {fwcmd} add 300 deny ip from table\(1\) to me
> or
> {fwcmd} add 300 deny ip from "table(1)" to me
>
>
> > The odd part is, I get this with the 'ipfw show' command
> > # ipfw show
> > 00300 deny ip from 216.65.30.238 1 to me
>
> Hm. Is 'table' a hostname in your network? When I tried
> your syntax, I got:
> tele# ipfw add 1 count all from table '1' to me
> ipfw: hostname ``table'' unknown
> tele#
>
> Thomas

Great! That worked. Thanks.

Now, is there a page I can refer to for other commands and syntax like
adding multiple ports? I tried the following and assume it works.

${fwcmd} add 301 deny all from "table(2)" to me 20-25,110,113,143

# ipfw show
00301 0 0 deny ip from table(2) to me dst-port 20-25,110,113,143

Mark
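
The quoting difference discussed in this thread, as an added example that is not part of the original messages: it shows which words the shell hands to the command for each way of writing the table reference. `show_args` is a hypothetical stand-in for `ipfw` that only prints its arguments, so the script runs without a firewall.

```shell
#!/bin/sh
# Hypothetical stand-in for ipfw: prints every argument it receives in
# brackets, which makes the shell's word splitting visible.
show_args() {
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
}

# Form from the original question: the quotes cover only the 1, so
# "table" and "1" arrive as two separate words. ipfw then treats
# "table" as a hostname, as the replies in the thread show.
split_form()   { show_args from table '1' to me; }

# Forms from the reply: parentheses escaped or quoted, so the command
# receives the single word table(1).
escaped_form() { show_args from table\(1\) to me; }
quoted_form()  { show_args from "table(1)" to me; }

# Bare parentheses are shell syntax. The line is parsed in a child shell
# so its syntax error does not abort this script; prints the exit status.
bare_form_status() {
    if sh -c 'printf "%s\n" from table(1) to me' >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}

split_form      # [from][table][1][to][me]
escaped_form    # [from][table(1)][to][me]
quoted_form     # [from][table(1)][to][me]
echo "bare table(1) exit status: $(bare_form_status)"
```

After loading a ruleset, `ipfw show` should list `table(N)` in the rule; a literal address followed by a number in that position, as in rule 300 above, means the words were split.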