Date: Tue, 23 Nov 2004 19:27:16 -0500
From: NetAdmin <daemon@foxchat.net>
To: tw@wsf.at
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW2 tables
Message-ID: <1101256036.22644.69.camel@foxdaemon.com>
In-Reply-To: <20041123232907.gkw44hr838gk48@.mailhost.wsf.at>
References: <20041123232907.gkw44hr838gk48@.mailhost.wsf.at>

On Tue, 2004-11-23 at 22:29 +0000, Thomas Wolf wrote:
> NetAdmin <daemon@foxchat.net> wrote:
>
> > > > Set rule as; *Note: found there was a problem using table (1)
> > > > {fwcmd} add 300 deny ip from table '1' to me
> > >
> > > The correct syntax that should work under any shell should be
> > > {fwcmd} add 300 deny ip from table\(1\) to me
> > > or
> > > {fwcmd} add 300 deny ip from "table(1)" to me
> >
> > Great! That worked. Thanks. Now, is there a page I can refer to for
> > other commands and syntax like adding multiple ports?
>
> 'man 8 ipfw' is still the best reference for commands and syntax (IMHO).
>
> > I tried the
> > following and assume it works.
> >
> > ${fwcmd} add 301 deny all from "table(2)" to me 20-25,110,113,143
> >
> > # ipfw show
> > 00301 0 0 deny ip from table(2) to me dst-port 20-25,110,113,143
>
> That looks ok. Although I would 'unreach host' or 'reset' packets
> to ident (port 113). 'Dropping' them just gets you delays when
> querying mailservers and other services.
>
> Thomas

I did look at the man page for tables. The only thing really mentioned
is;

     ipfw table number add addr[/masklen] [value]
     ipfw table number delete addr[/masklen]
     ipfw table number flush
     ipfw table number list

and

LOOKUP TABLES
     Lookup tables are useful to handle large sparse address sets, typically
     from a hundred to several thousands of entries. There could be 128
     different lookup tables, numbered 0 to 127.

etc... etc...

Make no mistake, I appreciate your help immensely and unless someone
else had responded, I would still be wondering what I needed to do.
However, I have checked the sources commonly available to newer users
including searches on Google.

Having said that, nowhere in 'man 8 ipfw' does it say how to add
multiple ports in conjunction with Tables or the correct syntax for
adding the table to rc.firewall. Tables for IPFW isn't even mentioned in
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html

That is why I asked if anyone knew of any other sources of information
on Tables and their syntax. It is what I am still asking. Where can I
find more information on using tables with IPFW?

Respectfully,
Mark
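
Added example (not part of the thread, and not FreeBSD project code): an rc.firewall-style sh fragment that fills a lookup table and references it with the quoted "table(N)" form and a port list, as discussed in the message above. The helper names load_table and block_table, the rule numbers and the dry-run default for fwcmd are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. fwcmd defaults to a dry run that only
# prints each command (an assumption); set fwcmd="/sbin/ipfw -q" to apply them.
fwcmd="${fwcmd:-echo /sbin/ipfw}"

# load_table NUM (hypothetical helper): flush table NUM, then add one address
# or CIDR per stdin line. Blank lines and '#' comments are skipped; entries
# that do not look like a dotted quad with optional /masklen are rejected.
# The return status is the number of rejected entries.
load_table() {
    num=$1 bad=0
    ${fwcmd} table "${num}" flush
    while read -r addr _rest; do
        case "${addr}" in ''|\#*) continue ;; esac
        if printf '%s\n' "${addr}" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
        then
            ${fwcmd} table "${num}" add "${addr}"
        else
            echo "skipping invalid entry: ${addr}" >&2
            bad=$((bad + 1))
        fi
    done
    return "${bad}"
}

# block_table NUM BASE PORTS (hypothetical helper): reset TCP to ident (113) at
# rule BASE, as suggested in the thread, then deny PORTS at rule BASE+1.
# "table(N)" is quoted because an unquoted ( is shell syntax, not an argument.
block_table() {
    ${fwcmd} add "$2" reset tcp from "table($1)" to me 113
    ${fwcmd} add "$(($2 + 1))" deny all from "table($1)" to me "$3"
}

# Usage with constructed documentation addresses:
#   printf '%s\n' 192.0.2.10 198.51.100.0/24 | load_table 2
#   block_table 2 301 20-25,110,113,143
```

The reset rule gets the lower number so that TCP connections to port 113 are answered before the deny rule, which still lists 113, is evaluated.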