Date: Mon, 19 May 2014 11:15:48 +0200
Subject: Re: [Was]: Problem with ipfw table add 0.0.0.0/8
From: Andreas Nilsson
To: Dennis Yusupoff
Cc: "freebsd-net@freebsd.org"

On Mon, May 19, 2014 at 10:54 AM, Dennis Yusupoff wrote:

> Alex, Bill, it's good news, glad to hear it.
>
> Let me ask for even more functionality:
>
> 6. Test if an entry exists in the table:
>    ipfw table test
> It is extremely useful in the case of big, unordered data in the table - for
> example different networks with different masks. Now it's almost
> impossible to find out whether a checked IP occurs in the table or not.
>

So having 10.0.1.1/16 in table and looking for 10.0.240.15 would say in table? That would be nice.

>
> 7. Is there any reason to keep using numbers only as table names? The more
> tables are used, the harder it is to distinguish tables at a quick look at the rules. Compare:
>    ipfw add [line] allow icmp from "table(1)" to "table(2)"
> and something like
>    ipfw add [line] allow icmp from "table(trusted)" to "table(backbone)"
>
> Any comments are welcome.
>

If table can have names, the above would be really nice as well.

/A

> 19.05.2014 11:51, Bill Yuan wrote:
> > Hi Alex,
> >
> > You guys are chatting here! I agree with you, the table is the place
> > that should be enhanced, and I am working in this way as described below
> >
> > 1. Support more types.
> >    ip : cidr
> >    ipv4 : same as ip
> >    ipv6 : ip addr v6
> >    mac : mac address
> >    iface : interface name
> >    interface : same as iface
> >    port : it is Alex's idea, I don't know how it works.
> >
> > 2. Set up the table type
> >    ipfw table type
> >    it will set up the type of the table, and flush the table
> >
> > 3. Get table type
> >    ipfw table type show
> >
> > 4. Add item into the table
> >    ipfw table add
> >
> >    a. get the type of table
> >    b. if the type is not defined yet, that also means the table is new or
> >       empty,
> >       then guess the type based on the
> >    c. format the and insert into the table.
> >
> > In this way, so-called "back compatible"
> >
> > 5. how to use table
> >
> > case 1
> >    ipfw add [line] allow icmp from "table(1)" to "table(2)"
> >    in the ipfw userland command, it should check that table 1 and table 2
> >    are of ipv4 or ipv6 type
> >
> > case 2
> >    ipfw add allow icmp from any to any MAC "table(3)" "table(4)"
> >    in this case, table(3) and table(4) should be tables of MAC
> >    addresses.
> >
> > case 3
> >    ipfw add allow icmp from any to any via table(5)
> >    in this case, table 5 should be a table of interface names.
> >
>
> --
> Best regards,
> Dennis Yusupoff,
> network engineer of
> Smart-Telecom ISP
> Russia, Saint-Petersburg
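
Added example, not part of the thread and not ipfw code: a Python model of the membership test requested in item 6 (answering with the most specific entry when networks with different masks overlap) combined with the type guessing on first add from item 4b. The names `guess_type`, `Table`, `demo` and the sample entries are assumptions made for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$")

def guess_type(item):
    """Guess a table type from one entry (hypothetical model of step 4b)."""
    try:
        net = ipaddress.ip_network(item, strict=False)
        return "ipv4" if net.version == 4 else "ipv6"
    except ValueError:
        return "mac" if MAC_RE.match(item) else "iface"

class Table:
    """Hypothetical userland model of a typed table, not ipfw's implementation."""
    def __init__(self):
        self.type = None      # undefined until the first entry is added
        self.entries = []

    def add(self, item):
        kind = guess_type(item)
        if self.type is None:
            self.type = kind  # new or empty table: adopt the guessed type
        elif kind != self.type:
            raise ValueError(f"{item!r} is {kind}, table is {self.type}")
        if kind in ("ipv4", "ipv6"):
            # strict=False masks host bits: 10.0.1.1/16 is stored as 10.0.0.0/16
            item = ipaddress.ip_network(item, strict=False)
        else:
            item = item.lower()
        self.entries.append(item)

    def test(self, item):
        """Return the most specific matching entry as a string, or None."""
        if self.type in ("ipv4", "ipv6"):
            addr = ipaddress.ip_address(item)
            hits = [n for n in self.entries if n.version == addr.version and addr in n]
            return str(max(hits, key=lambda n: n.prefixlen)) if hits else None
        return item.lower() if item.lower() in self.entries else None

def demo():
    # Constructed sample entries: overlapping networks with different masks.
    t = Table()
    for entry in ("10.0.1.1/16", "10.0.240.0/24", "192.168.0.0/16"):
        t.add(entry)
    return {ip: t.test(ip) for ip in ("10.0.240.15", "10.0.3.4", "172.16.0.1")}

if __name__ == "__main__":
    print(demo())
```

Because the table adopts a type on first add, a later entry of another kind (an interface name added to an IPv4 table, for instance) is rejected at insert time rather than silently never matching.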