how to make ipfw table?

in pf.conf:
Code:
table <unlimit> persist file "/etc/unlimit"
nat on $ext_if from <unlimit> to any -> a.b.c.d
And how can I do this in ipfw?
Please help me!
Thank you!
 
I don't use ipfw but had a quick look at the manpage.

It looks like you will need to write a small script that reads /etc/unlimit and executes something like ipfw table 1 add $line for each line in the file.

Since there's no provisioning for persist you would also need to write a little script that will dump the table and write it to /etc/unlimit.

See ipfw(8)


It's probably simpler to keep using pf.
 
I think this is a number (table 1):
Code:
ipfw -q table 1 add 220.228.0.0/15
ipfw add 21999 set 15 deny ip from "table(1)" to 1.2.3.4

But I want a file (table).
 
In your firewall script, do something like:
Code:
# Populate the table with IPs/subnets
ipfw table 1 add 1.2.3.4
ipfw table 1 add 1.2.3.5
ipfw table 1 add 1.2.3.6

# Use the table in the rules
ipfw divert natd ip from 'table(1)' to any

Change the last line to work with whichever NAT setup you want (via natd or ipfw nat rules).
 
Thank you.
I have a list of IPs in my country (there are many IPs). I want to open port 80 for IPs in my country and deny international IPs.
How can I do that?
Code:
ipfw table 1 add 1.2.3.4
ipfw table 1 add 1.2.3.7
ipfw table 1 add 1.2.3.9
....................
If I have 10000 IPs, how much do I have to write?
Thank you for answering!
 
You can also add subnets:
Code:
ipfw table 1 add 1.2.3.0/24
That will add all the IPs from 1.2.3.1 through 1.2.3.255.
 
But there are very many IPs:
ip A.B.C.1/24
a.b1.c1.1/24
a.b2.c2.1/24
.......
I have a list of IPs (txt).
I want:
Code:
ipfw table 1 add list.txt
But I don't know how.
Can you help me?
 
You could, however, do something like this:

Code:
ipfw table 1 flush
# -n 1: one entry per ipfw call; a second argument would be read as the entry's value
xargs -n 1 ipfw table 1 add < list.txt

Assuming that the entries in list.txt are in the correct format.
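
Not part of the thread: an added sh example of loading a list file into an ipfw table when the file has thousands of entries. It validates each entry first, since the one-liner above assumes list.txt is already well formed, and writes a command batch that a single ipfw process can read. The function names, script name and paths are assumptions.

```shell
#!/bin/sh
# Added example: build an ipfw command batch from a list file (the ipfw
# counterpart of pf's "table <unlimit> persist file").

# valid_entry ADDR[/LEN]: true only for a dotted-quad IPv4 address with
# octets 0-255 and an optional prefix length 0-32.
valid_entry() {
    case $1 in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_table_cmds FILE TABLE: print "table N flush" followed by one
# "table N add ENTRY" line per valid entry. Comments (#) and blank lines
# are skipped; rejected entries are reported on stderr, never loaded.
gen_table_cmds() {
    echo "table $2 flush"
    sed -e 's/#.*//' "$1" | while read -r entry rest || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        if valid_entry "$entry"; then
            echo "table $2 add $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
}

# Run as: sh mktable.sh /etc/unlimit 1 > /var/run/ipfw.table1
# then load the batch in one ipfw process: ipfw -q /var/run/ipfw.table1
# (script name and output path are assumptions; ipfw wants an absolute path)
if [ $# -eq 2 ]; then
    gen_table_cmds "$1" "$2"
fi
```

The table is empty between the flush and the last add, so rules that reference it should fail safe during the reload.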
 
but, it's not good - very askance

???

Code:
#!/usr/bin/perl

use strict;
use warnings;

# use File::Pid;
# my $pidfile = File::Pid->new( { file => '/var/run/x0.pid', } );
# my $pid = $pidfile->running;
# die "Service already running: $pid\n" if $pid;
# $pidfile->write;
# # Uncomment the lines above so that the script
# # cannot be started again while it is already running

#my $spam = get("http://www.stopforumspam.com/downloads/bannedips.zip");

# system("ipfw table 1 flush > /dev/null &") if (defined $spam);

system("wget http://www.stopforumspam.com/downloads/bannedips.zip");

# use Archive::Zip;
# my $zip = Archive::Zip->new("bannedips.zip"); 
# $zip->extractTree(); 

system("/usr/local/bin/unzip bannedips.zip");

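open( IPB, '<', "bannedips.csv" ) or die "Cannot open bannedips.csv: $!\n";
$/ = undef;    # Slurp mode: read the whole file, even past blank lines
my $spam = <IPB>;
close IPB;

system("rm bannedips.csv");
system("rm bannedips.zip");

# List form of open runs ipfw directly, without a shell
open( IP, '-|', 'ipfw', 'table', '1', 'list' ) or die "Cannot run ipfw: $!\n";
$/ = undef;    # Slurp mode
my $use_ip = <IP>;
close IP;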

#####################
# IPs that are already present in the table are not removed;
# only new IPs that are not yet in the table are added
my %seen;
@seen{ return_ip($spam) } = ();
delete @seen{ return_ip($use_ip) };


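foreach ( keys %seen ) {
    print "$_\n";
    # List form of system() passes the address as one argument, with no shell
    system( 'ipfw', 'table', '1', 'add', $_ );
}

# Return the unique, valid IPv4 addresses found in a string
sub return_ip {

    my $text = defined $_[0] ? $_[0] : '';
    my %hash;
    while ( $text =~ /(\d+\.\d+\.\d+\.\d+)/g ) {
        my $ip = $1;
        # Skip an address with an octet above 255 instead of ending the scan
        next if grep { $_ > 255 } split /\./, $ip;
        $hash{$ip}++;
    }
    return keys %hash;

}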

# $pidfile->remove;
# # Uncomment the line above together with the pid file
# # block at the top of the script

exit;
 