From owner-freebsd-net@FreeBSD.ORG  Mon May 19 13:38:50 2014
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 83A1F758
 for <freebsd-net@freebsd.org>; Mon, 19 May 2014 13:38:50 +0000 (UTC)
Received: from quix.smartspb.net (quix.smartspb.net [217.119.16.133])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3A2462CC4
 for <freebsd-net@freebsd.org>; Mon, 19 May 2014 13:38:50 +0000 (UTC)
Received: from dyr.smartspb.net ([217.119.16.26] helo=[127.0.0.1])
 by quix.smartspb.net with esmtpsa (TLSv1:AES256-SHA:256)
 (Exim 4.61 (FreeBSD)) (envelope-from <dyr@smartspb.net>)
 id 1WmNpb-000OF6-Mv
 for freebsd-net@freebsd.org; Mon, 19 May 2014 17:42:19 +0400
Message-ID: <537A0967.1000808@smartspb.net>
Date: Mon, 19 May 2014 17:38:47 +0400
From: Dennis Yusupoff <dyr@smartspb.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
CC: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: Re: [Was]: Problem with ipfw table add 0.0.0.0/8
References: <5371084F.1060009@bsdinfo.com.br>	<F78BF3AC-F031-4528-A4C1-5B22E88CEC00@dataix.net>	<5371112B.2030209@bsdinfo.com.br>	<5371E9E7.70400@smartspb.net>	<5371F4C8.3080501@FreeBSD.org>	<53720AA4.80909@smartspb.net>	<537767C5.80205@FreeBSD.org>	<53783333.3010205@freebsd.org>	<F061517D-0A79-4734-A032-1F2BE060C8F6@dataix.net>
 <CAC+JH2xDM2u97Oa1YsG78x_6xdzTpBS-QD-cSfaWSKkKBU8GDg@mail.gmail.com>
 <5379C6B6.4030105@smartspb.net> <537A00AC.6050305@FreeBSD.org>
 <537A0560.2070902@gmail.com>
In-Reply-To: <537A0560.2070902@gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Antivirus: avast! (VPS 140519-0, 19.05.2014), Outbound message
X-Antivirus-Status: Clean
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 May 2014 13:38:50 -0000

It's not enough, actually.
Imagine what you have a table with different networks. If you'll try to
find out is an IP belongs to some of that networks from the table, you
should to write relatively serious "wrapper" with network range
calculations in it. Or can you show differ (easier) way?
So it's REALLY usefull to implement that functions "out-of-the-box".
I'm risking to be annoying, but there is a good (from customers point of
view) example of tables manipulation in Linux: ipset project
(http://ipset.netfilter.org/ipset.man.html)

19.05.2014 17:21, bycn82 пишет:
> It will be nice to have this feature,
> but since the `ipfw table <id> list` is existing,
> so I think this can be implemented outside the ipfw.
> (personal opinion only )
>


-- 
Best regards,
Dennis Yusupoff,
network engineer of
Smart-Telecom ISP
Russia, Saint-Petersburg