# ipfw tables syntax and usage



## qsecofr (Jul 1, 2010)

Hi,

FBSD7.2 + ipfw

I have a text file of IP addresses which I want to read and dynamically create 1 ipfw deny rule for many IPs instead of many rules each for 1 IP. The manpage gives me the idea I can read the file and add each IP to a table, then act on traffic from/to any IP in the table.


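```
# IPs I want to block
exec < /etc/rc.ipfw_blocked_ips.txt
while read ip
do
  # table entries are added with "table N add", not "add table N add"
  $ipfw -q table 2 add $ip
done
# this rule, as first written, triggers the tablearg error shown below
$ipfw -q add deny tablearg ip from table\(2\) to any in via $oif
```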

The ruleset is a #!/bin/sh shell file. It might be that I've got the shell syntax wrong for escaping characters, though I thought my understanding of tablearg was incorrect. The manpage doesn't explicitly say tablearg can be used with a deny rule.

Building the tables seems to work.


```
# ipfw table all list
- - - table(2) - - -
12.0.0.0/16 0
82.96.xy.z/32 0
etc
```

But running the script produces these errors:

```
ipfw: unrecognised option [-1] tablearg
```

I'm wondering if I even need tablearg to do what I want to do. Or if deny isn't a supported rule with tables, then maybe some other rule having the same effect like `skipto 65535`, which is the default deny.

I haven't yet run across any examples doing a similar task.  Any advice much appreciated.

Update: solved. Kept reading through pages and eventually found the answer here:
http://www.devco.net/archives/2005/02/28/ipfw_tables.php

The rule now reads:

```
$ipfw -q add deny ip from table\(2\) to any in via $oif
```
The tablearg usage had me confused.


----------
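An added example, not part of the original post: a dry-run loader that validates each blocklist entry before it is passed to `ipfw`, then adds the single deny rule in the solved form, without `tablearg`. The names `IPFW`, `OIF`, `TABLE`, `is_ipv4_cidr` and `load_blocklist`, the `em0` interface and the sample addresses are assumptions; it goes beyond the post by flushing the table first and by accepting IPv4 entries only.

```shell
#!/bin/sh
# Added example (not from the post): validate blocklist entries, fill table 2,
# then add one deny rule that matches the whole table.
IPFW="${IPFW:-echo ipfw}"   # assumption: dry run; set IPFW=/sbin/ipfw to apply
OIF="${OIF:-em0}"           # assumption: outside interface name
TABLE=2

# Succeeds only for dotted-quad IPv4 with an optional /0-32 mask.
is_ipv4_cidr() {
  addr=${1%%/*}
  mask=32
  case $1 in */*) mask=${1#*/} ;; esac
  case $mask in ''|*[!0-9]*) return 1 ;; esac
  [ "${#mask}" -le 2 ] && [ "$mask" -le 32 ] || return 1
  case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $addr
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Load every valid entry of file $1 into the table, then add the deny rule.
load_blocklist() {
  $IPFW -q table "$TABLE" flush
  while read -r entry rest; do
    case $entry in ''|'#'*) continue ;; esac   # skip blanks and comments
    if is_ipv4_cidr "$entry"; then
      $IPFW -q table "$TABLE" add "$entry"
    else
      echo "skipping invalid entry: $entry" >&2
    fi
  done < "$1"
  # No tablearg: the table is used purely as a match set.
  # Quoting "table(N)" replaces the backslash escapes for the parentheses.
  $IPFW -q add deny ip from "table($TABLE)" to any in via "$OIF"
}

# Constructed sample blocklist (documentation address ranges).
sample=$(mktemp)
printf '%s\n' '# blocked hosts' '192.0.2.0/24' '198.51.100.7' \
  '203.0.113.999' '192.0.2.1/33' > "$sample"
load_blocklist "$sample"
rm -f "$sample"
```

Run as-is it only prints the `ipfw` commands it would issue; malformed lines are reported on stderr and never reach the firewall command.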

