Date: Wed, 26 Oct 2011 17:14:12 -0700
From: Julian Elischer <julian@freebsd.org>
To: Michael Sierchio <kudzu@tenebras.com>
Cc: Karim <fodillemlinkarim@gmail.com>, freebsd-ipfw@freebsd.org
Subject: Re: ipfw rule processing performances
Message-ID: <4EA8A254.9070700@freebsd.org>
In-Reply-To: <CAHu1Y705Ds7d06c0Qm_BM_x%2BmGGgZB41P=p2Xg33a5qQvpiyJg@mail.gmail.com>
References: <4EA6D78F.6010607@gmail.com> <4EA73BAB.70607@freebsd.org>
 <CAHu1Y71Lf8=x3=S8cf__aT2fxyv6eX_EBqZvybgzwi9Q%2BSfzRQ@mail.gmail.com>
 <4EA85168.5020103@gmail.com> <4EA853D7.4010305@freebsd.org>
 <CAHu1Y705Ds7d06c0Qm_BM_x%2BmGGgZB41P=p2Xg33a5qQvpiyJg@mail.gmail.com>

On 10/26/11 2:39 PM, Michael Sierchio wrote:
> On Wed, Oct 26, 2011 at 11:39 AM, Julian Elischer<julian@freebsd.org> wrote:
>
>> read up on all the things you can do with tablearg.. sometimes a single
>> table can replace dozens of rules.
> Julian - would you be so kind as to give an example?
>
> - M
>

off the top of my head:

implement an ad-hoc RErouting table using fwd tablearg

implement entirely different rules for a complicated set of subnets
using skipto tablearg

arbitrarily slow down all the traffic from everyone you don't like in
the company using "lookup" and queue.

from the man page:

    The tablearg argument can be used with the following actions: nat, pipe,
    queue, divert, tee, netgraph, ngtee, fwd, skipto
    action parameters: tag, untag,
    rule options: limit, tagged.

and...

        # addresses we don't want to be seeing coming from outside..
        ${fwcmd} table 1 add 10.0.0.0/8
        ${fwcmd} table 1 add 172.16.0.0/12
        ${fwcmd} table 1 add 192.168.0.0/16

        # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes
        # RESERVED-1, DHCP auto-configuration, NET-TEST, MULTICAST (class D),
        # and class E) on the outside interface
        ${fwcmd} table 1 add 0.0.0.0/8
        ${fwcmd} table 1 add 169.254.0.0/16
        ${fwcmd} table 1 add 192.0.2.0/24
        ${fwcmd} table 1 add 224.0.0.0/4
        ${fwcmd} table 1 add 240.0.0.0/4
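
The table-based deny and the skipto tablearg dispatch mentioned in the message above, as an added example that is not part of the original e-mail. Table 2, all rule numbers, the internal subnets, the ports and the interface name em0 are assumptions made for illustration; the script only prints the ipfw commands unless fwcmd is set.

```sh
#!/bin/sh
# Added example, not from the original message. Dry run by default: the
# ipfw commands are printed. Set fwcmd=/sbin/ipfw to load them.
# Table/rule numbers, subnets, ports and the interface name are constructed.
fwcmd="${fwcmd:-echo ipfw}"
oif="${oif:-em0}"                     # assumed outside interface

load_rules() {
    # Table 1: sources that must never arrive from outside (list from the message).
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 0.0.0.0/8 \
               169.254.0.0/16 192.0.2.0/24 224.0.0.0/4 240.0.0.0/4; do
        ${fwcmd} table 1 add "${net}"
    done
    # One table lookup instead of eight per-prefix deny rules.
    ${fwcmd} add 300 deny all from "table(1)" to any in via "${oif}"
    ${fwcmd} add 400 check-state

    # Table 2: internal subnet -> number of the first rule of its policy block.
    ${fwcmd} table 2 add 10.1.0.0/16 1000   # staff
    ${fwcmd} table 2 add 10.2.0.0/16 2000   # servers
    ${fwcmd} table 2 add 10.2.5.0/24 3000   # quarantine; most specific prefix wins

    # A single rule dispatches on source subnet; tablearg is the table value.
    ${fwcmd} add 500 skipto tablearg ip from "table(2)" to any
    # Sources not in table 2 stop here instead of falling into a block.
    ${fwcmd} add 900 deny ip from any to any

    # Each block ends in a terminating rule so blocks never run into each other.
    ${fwcmd} add 1000 allow tcp from any to any dst-port 80,443 setup keep-state
    ${fwcmd} add 1999 deny ip from any to any
    ${fwcmd} add 2000 allow ip from any to any keep-state
    ${fwcmd} add 3000 deny ip from any to any
}

load_rules
```

Adding another subnet is then one more `table 2 add` entry rather than another matching rule for every packet to be tested against.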