Date: Tue, 23 Nov 2004 22:29:07 -0000
From: Thomas Wolf <tw@wsf.at>
To: NetAdmin <daemon@foxchat.net>, freebsd-ipfw@freebsd.org
Subject: Re: IPFW2 tables
Message-ID: <20041123232907.gkw44hr838gk48@.mailhost.wsf.at>

NetAdmin <daemon@foxchat.net> wrote:

> > > Set rule as; *Note: found there was a problem using table (1)
> > > {fwcmd} add 300 deny ip from table '1' to me
> >
> > The correct syntax that should work under any shell should be
> > {fwcmd} add 300 deny ip from table\(1\) to me
> > or
> > {fwcmd} add 300 deny ip from "table(1)" to me
> >
>
> Great! That worked. Thanks. Now, is there a page I can refer to for
> other commands and syntax like adding multiple ports?

'man 8 ipfw' is still the best reference for commands and syntax (IMHO).

> I tried the
> following and assume it works.
>
> ${fwcmd} add 301 deny all from "table(2)" to me 20-25,110,113,143
>
> # ipfw show
> 00301 0 0 deny ip from table(2) to me dst-port 20-25,110,113,143

That looks ok. Although I would 'unreach host' or 'reset' packets to
ident (port 113). 'Dropping' them just gets you delays when querying
mailservers and other services.

Thomas

--
Thomas Wolf
Wiener Software Fabrik
Dubas u. Wolf GMBH
1050 Wien, Mittersteig 4
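
Added example, not part of the original message: the quoting and the ident advice from this thread combined into one rc-style fragment. Rule number 299, the table entries (documentation addresses) and the dry-run default for fwcmd are assumptions made for illustration; rule 301 is the one quoted in the message.

```sh
#!/bin/sh
# Added example (not from the thread). Rule 301 is the rule quoted in the
# message; rule number 299 and the table entries below are assumptions.

# Dry run by default: print each command instead of changing the firewall.
# On a FreeBSD host, run with fwcmd="/sbin/ipfw -q" to apply the rules.
fwcmd="${fwcmd:-echo ipfw}"

load_table() {
    # "table 2 add" contains no parentheses, so no shell quoting is needed.
    # 192.0.2.0/24 and 198.51.100.7 are constructed documentation addresses.
    ${fwcmd} table 2 add 192.0.2.0/24
    ${fwcmd} table 2 add 198.51.100.7
}

add_rules() {
    # ipfw stops at the first matching rule, so the ident rule must carry a
    # lower number than the deny rule. TCP to port 113 gets an RST, which
    # lets the remote ident lookup fail at once instead of timing out.
    # "table(2)" is quoted because ( and ) are shell metacharacters.
    ${fwcmd} add 299 reset tcp from "table(2)" to me 113

    # Unchanged from the message: everything else on the port list is
    # dropped silently. TCP 113 never reaches this rule.
    ${fwcmd} add 301 deny all from "table(2)" to me 20-25,110,113,143
}

ruleset() {
    load_table
    add_rules
}

ruleset
```

In dry-run mode the script prints the four ipfw commands exactly as ipfw would receive them, which shows that the quotes are consumed by the shell and ipfw sees a plain table(2).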