ipfw tables syntax and usage
FBSD7.2 + ipfw

I have a text file of IP addresses which I want to read and dynamically create 1 ipfw deny rule for many IPs instead of many rules each for 1 IP. The manpage gives me the idea I can read the file and add each IP to a table, then act on traffic from/to any IP in the table.

# IPs I want to block
exec < /etc/rc.ipfw_blocked_ips.txt
while read ip; do
  # table entries are added with "ipfw table N add addr", not "ipfw add table"
  $ipfw -q table 2 add $ip
done
$ipfw -q add deny tablearg ip from table\(2\) to any in via $oif

The ruleset is a #!/bin/sh shell file. It might be that I've got the shell syntax wrong for escaping characters, though I thought my understanding of tablearg was incorrect. The manpage doesn't explicitly say tablearg can be used with a deny rule.

Building the tables seems to work.

# ipfw table all list
- - - table(2) - - - 0
82.96.xy.z/32 0

But running the script produces these errors:
ipfw: unrecognised option [-1] tablearg

I'm wondering if I even need tablearg to do what I want to do. Or if deny isn't a supported rule with tables, then maybe some other rule having the same effect like
skipto 65535
which is the default deny.

I haven't yet run across any examples doing a similar task. Any advice much appreciated.

Update: solved. Kept reading through pages and eventually found the answer here
The rule now reads
$ipfw -q add deny ip from table\(2\) to any in via $oif
The tablearg usage had me confused.
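The complete script the post ends up with, as an added example that is not code from the original post: it reads a file of addresses, skips comments and blank lines, rejects malformed entries, loads the rest into an ipfw table and then adds the single deny rule from the update. IPFW defaults to a dry run that only echoes the commands, so it can be run anywhere; the interface name em0, the table number 2, the file format and the sample addresses are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example: one ipfw deny rule for a whole file of addresses.
# IPFW defaults to a dry run that prints the commands; set IPFW=/sbin/ipfw
# to apply them. TABLE and OIF are placeholders (assumed values).
IPFW="${IPFW:-echo ipfw}"
TABLE="${TABLE:-2}"
OIF="${OIF:-em0}"

# Emit the ipfw commands for one file: flush the table, add every valid
# IPv4 address or prefix, then a single deny rule that matches the table.
build_block_rules() {
    file="$1"
    $IPFW -q table "$TABLE" flush
    while read -r ip rest; do
        case "$ip" in
            ''|'#'*) continue ;;      # blank line or comment
        esac
        # accept only a dotted quad with an optional /prefix length
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'; then
            echo "skipping malformed entry: $ip" >&2
            continue
        fi
        # entries are "addr[/len] [value]"; the value is irrelevant for deny
        $IPFW -q table "$TABLE" add "$ip"
    done < "$file"                    # scoped to the loop, unlike exec <
    # deny takes no argument, so no tablearg here
    $IPFW -q add deny ip from "table($TABLE)" to any in via "$OIF"
}

# Constructed sample input written to a temp file for the demonstration.
make_sample_file() {
    f=$(mktemp) || exit 1
    cat > "$f" <<'EOF'
# IPs I want to block (constructed sample)
82.96.1.2
203.0.113.0/24

not-an-ip
EOF
    echo "$f"
}

main() {
    if [ -n "${1:-}" ]; then
        build_block_rules "$1"
    else
        f=$(make_sample_file)
        build_block_rules "$f"
        rm -f "$f"
    fi
}

main "$@"
```

Two points the dry run makes visible. First, tablearg substitutes the value stored with the matching table entry into an action that takes an argument (skipto, pipe, queue, fwd); deny takes no argument, which is why ipfw rejected the original rule. Second, `done < "$file"` redirects stdin only for the loop, whereas `exec < file` in the original replaces the script's stdin for everything that follows it.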