On Mon, Sep 24, 2012 at 12:35 PM, Darrel <levi...@iglou.com> wrote:

> Can someone please send an example of how to properly use tables?

Quick, trivial example - this doesn't help you understand tableargs,
this is just to efficiently handle a very large list of sparse nets.

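PEERS="/etc/ipfw/permitted_hosts.txt"
# Only a complete IPv4 address or CIDR in the first field is passed on to sh
awk '$1 ~ /^[1-9][0-9]*\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { print "ipfw table 1 add", $1 }' "$PEERS" | sh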

$FW add 01000 check-state

[ a bunch of rules ]

$FW add 05000 allow tcp from table\(1\) to me 7514 in recv $OUTSIDE_IF setup keep-state
$FW add 06000 deny tcp from any to me in recv $OUTSIDE_IF

Now, if you want to atomically change tables without altering
instantiated dynamic rules, you can use separate tables and swap
rulesets.  You can use tableargs (the second parameter when adding an
entry to the table) as a rule number to skipto, or as a tag in
logging, etc.
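
The separate-tables-and-swap approach described above, as an added example that is not part of the original post. It assumes the allow rule exists twice, in set 1 reading table(1) and in set 2 reading table(2), with only one set enabled; the function names and the optional fourth argument (a tablearg value) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. It prints ipfw commands instead
# of running them; review the output, then pipe it to sh on the firewall.
# Assumed layout: the allow rule exists twice, in set 1 reading table(1) and
# in set 2 reading table(2), and only one of those two sets is enabled.

# valid_net ADDR: succeed only for dotted-quad IPv4 with an optional /0-32.
valid_net() {
    case "$1" in ""|*[!0-9./]*|*/*/*) return 1 ;; esac
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        len=${1#*/}
        case "$len" in ""|*.*|???*) return 1 ;; esac
        [ "$len" -le 32 ] || return 1
    fi
    case "$addr" in ""|.*|*.|*..*) return 1 ;; esac
    set -- $(printf '%s' "$addr" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_update STANDBY_TABLE SET_A SET_B [TABLEARG] < list
# Refill the table no enabled rule reads, then swap the sets in one command.
emit_update() {
    case "$4" in *[!0-9]*) echo "bad tablearg: $4" >&2; return 1 ;; esac
    echo "ipfw table $1 flush"
    while read -r net rest || [ -n "$net" ]; do
        case "$net" in ""|"#"*) continue ;; esac
        if valid_net "$net"; then
            echo "ipfw table $1 add $net${4:+ $4}"
        else
            echo "skipped invalid entry: $net" >&2
        fi
    done
    echo "ipfw set swap $2 $3"
}

# Constructed sample list: two usable entries, a comment, two rejected lines.
emit_update 2 1 2 <<'EOF'
192.0.2.10
198.51.100.0/24   partner-net
# maintenance hosts go below
203.0.113.5;reboot
10.1.2.300
EOF
```

After each swap the roles reverse, so the next update targets the other table number.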