FreeBSD ipfw tablearg

0

I'm configuring the FreeBSD firewall and have such situation:

51000 pipe tablearg ip from not table(17) to table(20) out xmit ng*
51010 pipe tablearg ip from table(21) to not table(17) in recv ng*
51020 pipe tablearg ip from any to table(18) out xmit ng*
51030 pipe tablearg ip from table(19) to any in recv ng*

Tables 18,19,20,21 have client IP addresses and pipe numbers; table 17 - list of networks.

Rules 51020 and 51030 work fine but what is going on at 51000 and 51010? How to determine firewall to take pipe number from tables 20 and 21 - not from 17?

Shamanu4

Posted 2010-05-21T15:57:58.497

Reputation: 101

Answers

0

Getting ipfw tableargs from tables when two tables are used: If 'not' statement is not used before destination table (second in row) pipe tablearg will be taken from it. In other case will be used other table. Totally we have: in rule 51000 is used table 20 and in rule 51010 - table 21.

Shamanu4

Posted 2010-05-21T15:57:58.497

Reputation: 101

Asked: 2010-05-21T15:57:58.497

Viewed: 670 times

Active: 2010-06-02T19:29:05.203