ipfw tables syntax and usage

qsecofr

Active Member

Reaction score: 15
Messages: 246

Hi,

FBSD7.2 + ipfw

I have a text file of IP addresses which I want to read and dynamically create 1 ipfw deny rule for many IPs instead of many rules each for 1 IP. The manpage gives me the idea I can read the file and add each IP to a table, then act on traffic from/to any IP in the table.

Code:
# IPs I want to block, one per line
exec < /etc/rc.ipfw_blocked_ips.txt
while read ip
do
  # ipfw(8) syntax is "table N add addr", not "add table ..."
  $ipfw -q table 2 add $ip
done
# the rule that produces the error below
$ipfw -q add deny tablearg ip from table\(2\) to any in via $oif

The ruleset is a #!/bin/sh shell file. It might be that I've got the shell syntax wrong for escaping characters, though I thought my understanding of tablearg was incorrect. The manpage doesn't explicitly say tablearg can be used with a deny rule.

Building the tables seems to work.

Code:
# ipfw table all list
- - - table(2) - - -
12.0.0.0/16 0
82.96.xy.z/32 0
etc

But running the script produces these errors:
Code:
ipfw: unrecognised option [-1] tablearg

I'm wondering if I even need tablearg to do what I want to do. Or if deny isn't a supported rule with tables, then maybe some other rule having the same effect like
Code:
skipto 65535
which is the default deny.

I haven't yet run across any examples doing a similar task. Any advice much appreciated.

Update: solved. Kept reading through pages and eventually found the answer here
http://www.devco.net/archives/2005/02/28/ipfw_tables.php
The rule now reads
Code:
$ipfw -q add deny ip from table\(2\) to any in via $oif
The tablearg usage had me confused.
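A complete version of the same idea in the documented ipfw(8) syntax, as an added example that is not the original poster's script: it flushes and rebuilds table 2 from a text file, then installs one deny rule matching every address in the table. The file path, table number, interface name (em0) and the DRY_RUN switch are assumptions for the example.

```sh
#!/bin/sh
# Added example, not the original poster's script: load a text file of
# addresses into an ipfw table and block them with a single deny rule,
# using the ipfw(8) syntax "table N add addr" and "from table(N)".
# Assumptions: the file path, table number 2, and interface name below.

ipfw=${IPFW:-/sbin/ipfw}
table=2
oif=${OIF:-em0}          # assumed outside interface name
dry_run=${DRY_RUN:-no}   # DRY_RUN=yes prints the commands instead of running them

# Run a command, or just print it when dry-running.
run() {
    if [ "$dry_run" = yes ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Normalise one line of the blocklist: keep only the first word (so a
# trailing comment is dropped), skip blank and '#' lines, and give bare
# addresses an explicit /32 as "ipfw table 2 list" shows them.
# Prints the address, or returns 1 if the line should be ignored.
normalise_entry() {
    set -- $1
    ip=$1
    case $ip in
        ''|\#*) return 1 ;;
        */*)    ;;
        *)      ip="$ip/32" ;;
    esac
    printf '%s\n' "$ip"
}

# Rebuild the table from the file, then install one rule that denies
# inbound traffic from every address in it.  One rule, however many
# addresses; no tablearg, because deny takes no argument.
apply_blocklist() {
    file=$1
    run $ipfw -q table "$table" flush
    while read -r line || [ -n "$line" ]; do
        ip=$(normalise_entry "$line") || continue
        run $ipfw -q table "$table" add "$ip"
    done < "$file"
    run $ipfw -q add deny ip from "table($table)" to any in via "$oif"
}

# Usage: DRY_RUN=yes sh blocklist.sh /etc/rc.ipfw_blocked_ips.txt
if [ $# -gt 0 ]; then
    apply_blocklist "$1"
fi
```

Quoting "table($table)" in the script does the same job as the backslashes in the post: it stops the shell from treating the parentheses as a subshell. tablearg only makes sense with actions that take a numeric argument from the table's value column (skipto, fwd, pipe and similar); deny has no argument, which is why ipfw rejects it there.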