Date: Sun, 5 Sep 2010 17:53:11 +0200 From: Luigi Rizzo <rizzo@iet.unipi.it> To: Anderson Eduardo <listas@secover.com.br> Cc: freebsd-current@freebsd.org Subject: Re: Using ipfw table names instead of numbers. Message-ID: <20100905155311.GA48095@onelab2.iet.unipi.it> In-Reply-To: <4C825094.5040204@secover.com.br> References: <4C825094.5040204@secover.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 04, 2010 at 10:58:44AM -0300, Anderson Eduardo wrote: > Hello developers, > > I use the ipfw firewall with many tables and, I would like of able to > use it with name/alias instead of just numbers. > > E.g: > > lab# ipfw table 1 name lanetwork > Setting table 1 to lanetwork > lab# ipfw table lanetwork add 192.168.0.0/24 > lab# ipfw table lanetwork list > 192.168.0.0/24 0 > lab# > > I think a good idea a patch to do that. if you have a patch feel free to post it. the main issue is that internally, for efficiency reason, the name must be translated to a number anyways, so before implementing it one must decide where the name-number translation table is stored and how it is managed The same applies to any name vs. number issue in ipfw/dummynet Service, protocol and host names solve these issues because there is a well defined place for the translation table. But, for instance, hostname mappings are static (translated at rule insertion time) whereas one might want a more dynamic behaviour (e.g. refresh whenever the DNS response expires). cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100905155311.GA48095>