Re: Significant missing item in 11.0 release notes
Thanks for the quick fix, Andrey! Now that this is taken care of, time to start playing with the cool new features... especially naming tables. Kevin Oberman, Part time kid herder and retired Network Engineer E-mail: rkober...@gmail.com PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683 On Mon, Aug 1, 2016 at 10:02 AM, Ian Smith <smi...@nimnet.asn.au> wrote: > On Mon, 1 Aug 2016 18:47:37 +0300, Andrey V. Elsukov wrote: > > On 01.08.16 18:43, Ian Smith wrote: > > > Fast work Andrey, and sorry for rushing in. I ASSumed, after reading > > > the new tables section in 11.0-R ipfw(8), that Kevin had run into: > > > > > >Tables require explicit creation via create before use. > > > > > > but diving - not too deeply - into the log of /head/sbin/ipfw/tables.c > > > from your commit, I think that statement must be out of date, at least > > > regarding existing ruleset table configuration? Is that right? > > > > If you want to use some new specific feature you need to create table > > explicitly. But for old rules generic tables will be created > > automatically (with warning). > > Exactly how I was hoped it would work, thankyou .. > > cheers, Ian > ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Re: IPFW tables, dummynet and IPv6
On Sun, Dec 18, 2011 at 3:58 AM, Alexander V. Chernikov melif...@freebsd.org wrote: Pawel Tyll wrote: Hi lists, Are there any plans to implement IPv6 tables in ipfw? It would seem that our gov. may want to force us into IPv6 in 6 months ;) I've got working implementation for IPv4+IPv6 and interface tables: 15:56 [0] zfsbase# /usr/obj/usr/src/sbin/ipfw/ipfw table 2 list 1.2.3.4/30 0 2a02:978::/64 0 15:16 [0] zfsbase# /usr/obj/usr/src/sbin/ipfw/ipfw table 4 list em4/em4 2 vlan144/vlan144 1 vlan145/vlan145 11000 vlan146/vlan146 12000 I plan to commit it today/tomorrow. 8.2-S diff will be available, too Thanks! I've been wanting this for a long time as working around it involved some really, really ugly hacks if you must support IPv6 (which we do). -- R. Kevin Oberman, Network Engineer E-mail: kob6...@gmail.com ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
Re: Support for IPv6 tables in ipfw?
From: Raffaele De Lorenzo raffaele.delore...@libero.it Date: Wed, 11 Feb 2009 23:50:34 +0100 Hi, I developed with Luigi (as mentor) and Mariano Tortoriello the first release of ipfw with ipv6 extension. If you and the FreeBSD Community think that the tables functional is a good feature i can develop it for IPv6 protocol. Tables are invaluable for several functions. The most important to me is the ability to create a 'block' list that can be easily updated from a program or script. With a table you just need: add 00500 unreach port ip from table 86 to any in your standard configuration and then a script can do: table 22 add 2001:400:14:23::45 to add a system to the list. To do it without tables means finding an available rule and inserting the rule in the main table. I can do it without tables, but it works much better with them. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to freebsd-ipfw-unsubscr...@freebsd.org
