Date:      Sat, 24 Aug 2019 21:13:49 +0300
From:      Victor Gamov <vit@otcnet.ru>
To:        freebsd-net@freebsd.org
Subject:   finding optimal ipfw strategy
Message-ID:  <f38b21a5-8f9f-4f60-4b27-c810f78cdc88@otcnet.ru>

Hi All

I have a nonstandard network task for my FreeBSD box: many VLANs are bridged
together via a bridge interface, and specific multicast traffic must be
sent from one VLAN to many (but not all) other VLANs.

I use ipfw to block traffic on unwanted outgoing interfaces.

And my question: which ipfw rules are more optimal, 1 or 2 (see 1 and 2 below),
when I have about 100 incoming multicast and about 100 VLANs?

1
=====
ipfw table Mcast1_iface_out create type iface
ipfw table Mcast1_iface_out add vlan20
ipfw table Mcast1_iface_out add vlan30
ipfw table Mcast1_iface_out add vlan40
ipfw add 25000 allow udp from IP1 to mcast1 out via table(Mcast1_iface_out)

ipfw table Mcast2_iface_out create type iface
ipfw table Mcast2_iface_out add vlan20
ipfw table Mcast2_iface_out add vlan30
ipfw add 35000 allow udp from IP1 to mcast2 out via table(Mcast2_iface_out)

ipfw table All_vlans create type iface
ipfw table All_vlans add vlan20
ipfw table All_vlans add vlan30
ipfw table All_vlans add vlan40
ipfw add 50000 deny udp from any to any via table(All_vlans)
=====


2
=====
ipfw table Mcast_vlan20_out create type addr
ipfw table Mcast_vlan20_out add 232.10.20.1/32
ipfw table Mcast_vlan20_out add 232.10.20.2/32
ipfw table Mcast_vlan20_out add 232.10.20.3/32
ipfw add 25000 allow udp from IP1 to table(Mcast_vlan20_out) out via vlan20
ipfw add 25001 deny udp from any to any via vlan20

ipfw table Mcast_vlan30_out create type addr
ipfw table Mcast_vlan30_out add 232.10.20.1/32
ipfw table Mcast_vlan30_out add 232.10.20.2/32
ipfw table Mcast_vlan30_out add 232.10.55.5/32
ipfw add 35000 allow udp from IP1 to table(Mcast_vlan30_out) out via vlan30
ipfw add 35001 deny udp from any to any via vlan30
=====


Thanks for your advice!

--
CU,
Victor Gamov
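
Both layouts in the question encode the same group-to-VLAN matrix, indexed by multicast group in layout 1 and by outgoing VLAN in layout 2. As an added example (not part of the original post), this Python script generates each rule set from one mapping using only the ipfw syntax shown in the message; the sample mapping, the function names and the rule numbering are assumptions.

```python
# Added example: emit both ipfw layouts from the post out of one
# group -> outgoing-VLAN mapping. Sample addresses are constructed.
SRC = "IP1"  # placeholder source, as in the post

# Constructed sample: multicast group -> VLANs allowed to receive it.
GROUPS = {
    "232.10.20.1": ["vlan20", "vlan30", "vlan40"],
    "232.10.20.2": ["vlan20", "vlan30"],
    "232.10.55.5": ["vlan30"],
}

def per_group_layout(groups, base=25000):
    """Layout 1: one iface table and one allow rule per multicast group."""
    cmds, vlans = [], sorted({v for vs in groups.values() for v in vs})
    for n, (grp, out) in enumerate(sorted(groups.items()), 1):
        t = f"Mcast{n}_iface_out"
        cmds.append(f"ipfw table {t} create type iface")
        cmds += [f"ipfw table {t} add {v}" for v in sorted(out)]
        cmds.append(f"ipfw add {base + n} allow udp from {SRC} to {grp} out via table({t})")
    cmds.append("ipfw table All_vlans create type iface")
    cmds += [f"ipfw table All_vlans add {v}" for v in vlans]
    cmds.append("ipfw add 50000 deny udp from any to any via table(All_vlans)")
    return cmds

def per_vlan_layout(groups, base=25000):
    """Layout 2: one addr table plus an allow/deny rule pair per VLAN."""
    by_vlan = {}
    for grp, out in groups.items():
        for v in out:
            by_vlan.setdefault(v, []).append(grp)
    cmds = []
    for n, (v, grps) in enumerate(sorted(by_vlan.items())):
        t = f"Mcast_{v}_out"
        cmds.append(f"ipfw table {t} create type addr")
        cmds += [f"ipfw table {t} add {g}/32" for g in sorted(grps)]
        cmds.append(f"ipfw add {base + 2*n} allow udp from {SRC} to table({t}) out via {v}")
        cmds.append(f"ipfw add {base + 2*n + 1} deny udp from any to any via {v}")
    return cmds

def rule_count(cmds):
    """Number of firewall rules (as opposed to table operations)."""
    return sum(c.startswith("ipfw add ") for c in cmds)

if __name__ == "__main__":
    for layout in (per_group_layout, per_vlan_layout):
        cmds = layout(GROUPS)
        print(f"# {layout.__name__}: {rule_count(cmds)} rules")
        print("\n".join(cmds))
```

Layout 1 yields one rule per group plus a single deny; layout 2 yields two rules per VLAN, so the rule counts diverge as the group and VLAN totals diverge.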


