From owner-cvs-src@FreeBSD.ORG Fri Jun 11 07:06:28 2004 Return-Path: Delivered-To: cvs-src@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0EE9216A4CE; Fri, 11 Jun 2004 07:06:28 +0000 (GMT) Received: from tigra.ip.net.ua (tigra.ip.net.ua [82.193.96.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 16A3943D53; Fri, 11 Jun 2004 07:06:27 +0000 (GMT) (envelope-from ru@ip.net.ua) Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by tigra.ip.net.ua (8.12.11/8.12.11) with ESMTP id i5B7Bx3m095953 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 11 Jun 2004 10:12:01 +0300 (EEST) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.ip.net.ua (8.12.11/8.12.11) id i5B761YJ055673; Fri, 11 Jun 2004 10:06:01 +0300 (EEST) (envelope-from ru) Date: Fri, 11 Jun 2004 10:06:01 +0300 From: Ruslan Ermilov To: Darren Reed Message-ID: <20040611070601.GA55472@ip.net.ua> References: <200406092010.i59KAcXH025699@repoman.freebsd.org> <200406100445.44763.max@love2party.net> <20040610214059.GA3228@ip.net.ua> <20040611022247.GA40799@hub.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="x+6KMIRAuhnl3hBn" Content-Disposition: inline In-Reply-To: <20040611022247.GA40799@hub.freebsd.org> User-Agent: Mutt/1.5.6i X-Virus-Scanned: by amavisd-new X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: Max Laier cc: src-committers@FreeBSD.org cc: cvs-all@FreeBSD.org cc: cvs-src@FreeBSD.org Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c src/sys/netinet in.h ip_fw.h ip_fw2.c raw_ip.c X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Jun 2004 07:06:28 -0000 --x+6KMIRAuhnl3hBn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 11, 2004 at 02:22:47AM +0000, Darren Reed wrote: > On Fri, Jun 11, 2004 at 12:40:59AM +0300, Ruslan Ermilov wrote: [...] > > and so forth. And we have a small set of rules of the form: > >=20 > > deny ip from table(1,0) to table(0) // bw=3D0 > > pipe 1 ip from table(1,128) to table(0) // bw=3D128Kbps >=20 > And what if I do: > deny 1 ip from table(1,128) to table(0) ^ wrong syntax > or is that not allowed ? >=20 "table(t[,v])" just causes the match if there's an entry for a given src/dst IP in table "t". If optional "v" was also specified, the match will be considered only if the entry has this value too (otherwise, the value is ignored). So yes, the command above is allowed, whatever real meaning you put into it. Cheers, --=20 Ruslan Ermilov ru@FreeBSD.org FreeBSD committer --x+6KMIRAuhnl3hBn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAyVnZqRfpzJluFF4RAju4AKCDZJT6n73UgHRofZO6meh6Tmh3zACdHFAZ U8DEYZZOIOY/Qhr+ye2Zk44= =S+zU -----END PGP SIGNATURE----- --x+6KMIRAuhnl3hBn--