summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjulian <julian@FreeBSD.org>2008-08-01 22:34:01 +0000
committerjulian <julian@FreeBSD.org>2008-08-01 22:34:01 +0000
commit4bfc008c7a2b81b73fbdc62f9a818abe43b4d9a2 (patch)
treee64c229d5b409aff804eec3334c5fe102a6e1e4a
parentd0df04c3c1b2cab788d64a46bca6cf8d63336f8b (diff)
downloadFreeBSD-src-4bfc008c7a2b81b73fbdc62f9a818abe43b4d9a2.zip
FreeBSD-src-4bfc008c7a2b81b73fbdc62f9a818abe43b4d9a2.tar.gz
Document the use of the tablearg keyword together with the skipto command.
-rw-r--r--sbin/ipfw/ipfw.819
1 files changed, 16 insertions, 3 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8
index 9ca58f1..6ab112c 100644
--- a/sbin/ipfw/ipfw.8
+++ b/sbin/ipfw/ipfw.8
@@ -788,12 +788,17 @@ The search terminates.
Discard packets that match this rule, and if the
packet is a TCP packet, try to send a TCP reset (RST) notice.
The search terminates.
-.It Cm skipto Ar number
+.It Cm skipto Ar number | tablearg
Skip all subsequent rules numbered less than
.Ar number .
The search continues with the first rule numbered
.Ar number
-or higher.
+or higher. It is possible to use the
+.Cm tablearg
+keyword with a skipto for a
+.Em computed
+skipto, but care should be used, as no destination caching
+is possible in this case so the rules are always walked to find it.
.It Cm tee Ar port
Send a copy of packets matching this rule to the
.Xr divert 4
@@ -1619,10 +1624,12 @@ The
feature provides the ability to use a value, looked up in the table, as
the argument for a rule action, action parameter or rule option.
This can significantly reduce number of rules in some configurations.
+If two tables are used in a rule, the result of the second (destination)
+is used.
The
.Cm tablearg
argument can be used with the following actions:
-.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd
+.Cm nat, pipe , queue, divert, tee, netgraph, ngtee, fwd, skipto
action parameters:
.Cm tag, untag,
rule options:
@@ -1635,6 +1642,12 @@ that are in the form of IP addresses or hostnames.
See the
.Sx EXAMPLES
Section for example usage of tables and the tablearg keyword.
+.Pp
+When used with the
+.Cm skipto
+action, the user should be aware that the code will walk the ruleset
+up to a rule equal to, or past, the given number, and should therefore try keep the
+ruleset compact between the skipto and the target rules.
.Sh SETS OF RULES
Each rule belongs to one of 32 different
.Em sets
OpenPOWER on IntegriCloud