Date: Fri, 11 Jun 2004 10:06:01 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: Darren Reed <darrenr@hub.freebsd.org> Cc: cvs-src@FreeBSD.org Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c src/sys/netinet in.h ip_fw.h ip_fw2.c raw_ip.c Message-ID: <20040611070601.GA55472@ip.net.ua> In-Reply-To: <20040611022247.GA40799@hub.freebsd.org> References: <200406092010.i59KAcXH025699@repoman.freebsd.org> <200406100445.44763.max@love2party.net> <20040610214059.GA3228@ip.net.ua> <20040611022247.GA40799@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--x+6KMIRAuhnl3hBn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Jun 11, 2004 at 02:22:47AM +0000, Darren Reed wrote:
> On Fri, Jun 11, 2004 at 12:40:59AM +0300, Ruslan Ermilov wrote:
[...]
> > and so forth. And we have a small set of rules of the form:
> >=20
> > deny ip from table(1,0) to table(0) // bw=3D0
> > pipe 1 ip from table(1,128) to table(0) // bw=3D128Kbps
>=20
> And what if I do:
> deny 1 ip from table(1,128) to table(0)
^ wrong syntax
> or is that not allowed ?
>=20
"table(t[,v])" just causes the match if there's an entry
for a given src/dst IP in table "t". If optional "v" was
also specified, the match will be considered only if the
entry has this value too (otherwise, the value is ignored).
So yes, the command above is allowed, whatever real
meaning you put into it.
Cheers,
--=20
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
--x+6KMIRAuhnl3hBn
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAyVnZqRfpzJluFF4RAju4AKCDZJT6n73UgHRofZO6meh6Tmh3zACdHFAZ
U8DEYZZOIOY/Qhr+ye2Zk44=
=S+zU
-----END PGP SIGNATURE-----
--x+6KMIRAuhnl3hBn--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040611070601.GA55472>