# how to make ipfw table?



## congavangkiev (Jul 30, 2009)

How do I make an ipfw table?
In pf.conf:

```
table <unlimit> persist file "/etc/unlimit"
nat on $ext_if from <unlimit> to any -> a.b.c.d
```
And how can I do this in ipfw?
Maybe someone can help me!
Thank you!


----------



## SirDice (Jul 31, 2009)

I don't use ipfw but had a quick look at the manpage.

It looks like you will need to write a small script that reads /etc/unlimit and executes something like *ipfw table 1 add $line* for each line in the file.

Since there's no provisioning for persist you would also need to write a little script that will dump the table and write it to /etc/unlimit.

See ipfw(8)


It's probably simpler to keep using pf :e


----------



## congavangkiev (Jul 31, 2009)

I think this is a number (table 1)
code:

```
ipfw -q table 1 add 220.228.0.0/15
ipfw add 21999 set 15 deny ip from "table(1)" to 1.2.3.4
```

But I want a file (table)


----------



## phoenix (Aug 3, 2009)

In your firewall script, do something like:

```
# Populate the table with IPs/subnets
ipfw table 1 add 1.2.3.4
ipfw table 1 add 1.2.3.5
ipfw table 1 add 1.2.3.6

# Use the table in the rules
ipfw divert natd ip from 'table(1)' to any
```

Change the last line to work with whichever NAT setup you want (via natd or ipfw nat rules).


----------



## congavangkiev (Aug 4, 2009)

Thank you.
I have a list of IPs in my country (there are many IPs). I want to open port 80 for IPs in my country and deny IPs from other countries.
How can I do that?
code:

```
ipfw table 1 add 1.2.3.4
ipfw table 1 add 1.2.3.7
ipfw table 1 add 1.2.3.9
....................
```
If I have 10000 IPs, how much do I have to write?
Thank you for answering!


----------



## phoenix (Aug 4, 2009)

You can also add subnets:

```
ipfw table 1 add 1.2.3.0/24
```
That will add all the IPs from 1.2.3.1 through 1.2.3.255.


----------



## congavangkiev (Aug 5, 2009)

But this has very many IPs:

```
ip A.B.C.1/24
   a.b1.c1.1/24
   a.b2.c2.1/24
.......
```
I have a list of IPs (a txt file).
I want:

```
ipfw table 1 add list.txt
```
But I don't know how?
Maybe someone can help me?


----------



## DutchDaemon (Aug 5, 2009)

Tables read from files are *not* a feature of ipfw.


----------



## DutchDaemon (Aug 5, 2009)

You could, however, do something like this:


```
ipfw table 1 flush
# -n 1 runs one "ipfw table 1 add" per line; without it xargs would hand
# all addresses to a single ipfw call, which only accepts one entry
cat list.txt | xargs -n 1 ipfw table 1 add
```

Assuming that the entries in list.txt are in the correct format.
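Putting SirDice's two pieces (load the table from a file, dump it back so it persists) and DutchDaemon's one-ipfw-call-per-line idea together, here is an added example that is not from this thread or from FreeBSD's ipfw. It assumes table 1 and the file /etc/unlimit from the original pf.conf as defaults, that `ipfw table N list` prints entries as `addr/len value`, and that the hypothetical `IPFW` variable may point at a stub so the parsing can be exercised on a box without ipfw. Malformed lines are reported and skipped instead of aborting the whole load.

```shell
#!/bin/sh
# Added example, not from this thread or from FreeBSD/ipfw: load an ipfw table
# from a text file (one entry per line, '#' comments allowed) and dump it back
# so it can be restored after a reboot. Assumes table 1 and /etc/unlimit by
# default, and that `ipfw table N list` prints entries as "addr/len value".
set -euf

IPFW=${IPFW:-/sbin/ipfw}   # assumption: point this at a stub when testing

# valid_entry ENTRY: accept a.b.c.d or a.b.c.d/len (octets 0-255, len 0-32).
# Checking here keeps one bad line from aborting the whole load.
valid_entry() {
    entry=$1
    case $entry in
        */*) addr=${entry%/*}; len=${entry#*/} ;;
        *)   addr=$entry;      len=32 ;;
    esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# load_table FILE TABLE: flush TABLE, then add every valid entry from FILE,
# one ipfw call per entry (what xargs -n 1 does). Prints the number added.
load_table() {
    file=$1; table=$2; added=0
    "$IPFW" -q table "$table" flush
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}           # strip trailing comments
        set -- $line               # word-split to trim surrounding whitespace
        [ $# -ge 1 ] || continue   # skip blank lines
        if valid_entry "$1"; then
            "$IPFW" -q table "$table" add "$1"
            added=$((added + 1))
        else
            printf 'skipping malformed entry: %s\n' "$1" >&2
        fi
    done < "$file"
    echo "$added"
}

# dump_table TABLE FILE: save the live table so load_table can restore it
# later (the "persist" pf does for you). Only lines that look like addr/len
# are kept, so any header line ipfw prints is ignored.
dump_table() {
    table=$1; file=$2
    "$IPFW" table "$table" list \
        | awk '$1 ~ /^[0-9.]+\/[0-9]+$/ { print $1 }' > "$file"
}

# Usage: ipfw-table.sh load|dump [FILE] [TABLE]
case ${1:-} in
    load) f=${2:-/etc/unlimit}; t=${3:-1}
          n=$(load_table "$f" "$t"); echo "loaded $n entries into table $t" ;;
    dump) f=${2:-/etc/unlimit}; t=${3:-1}
          dump_table "$t" "$f"; echo "saved table $t to $f" ;;
    '')   ;;   # no arguments: only define the functions
    *)    echo "usage: $0 load|dump [FILE] [TABLE]" >&2; exit 2 ;;
esac
```

Run `sh ipfw-table.sh load` from the firewall script at boot and `sh ipfw-table.sh dump` before shutdown (or from cron) to get the same effect as pf's `persist file`. Flushing before the reload leaves a short window with an empty table, so if the rule is a deny rule, place it where an empty table fails closed rather than open.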


----------



## congavangkiev (Aug 5, 2009)

Now I understand.
Thank you


----------



## lissyara (Apr 9, 2010)

DutchDaemon said:

> Tables read from files are *not* a feature of ipfw.


Are there any plans to implement such a capability?
For large files (we have 60k lines) it's very slow.


----------



## ProFTP (Apr 9, 2010)

http://bitbucket.org/hizel/py-ipfw/changeset/434dd0bc3cb7/
http://forum.lissyara.su/viewtopic.php?f=17&t=22076 (domestic development)


----------



## lissyara (Apr 9, 2010)

Thanks, hizel told me about another solution:
http://lists.freebsd.org/pipermail/freebsd-current/2010-April/016489.html
but, it's not good - very askance


----------



## ProFTP (Apr 9, 2010)

> but, it's not good - very askance



???


```
#!/usr/bin/perl
use strict;
use warnings;

# use File::Pid;
# my $pidfile = File::Pid->new( { file => '/var/run/x0.pid', } );
# my $pid = $pidfile->running;
# die "Service already running: $pid\n" if $pid;
# $pidfile->write;
# # You can uncomment this so the script
# # does not start a second copy while one is running

#my $spam = get("http://www.stopforumspam.com/downloads/bannedips.zip");

# system("ipfw table 1 flush > /dev/null &") if (defined $spam);

system("wget http://www.stopforumspam.com/downloads/bannedips.zip") == 0
    or die "wget failed: $?\n";

# use Archive::Zip;
# my $zip = Archive::Zip->new("bannedips.zip");
# $zip->extractTree();

system("/usr/local/bin/unzip bannedips.zip") == 0
    or die "unzip failed: $?\n";

# Slurp the whole CSV into one string
my $spam = do {
    local $/;
    open( my $ipb, '<', "bannedips.csv" ) or die "bannedips.csv: $!\n";
    <$ipb>;
};

unlink "bannedips.csv", "bannedips.zip";

# Slurp the current contents of the table
my $use_ip = do {
    local $/;
    open( my $ip, '-|', "ipfw table 1 list" ) or die "ipfw: $!\n";
    <$ip>;
};

#####################
# IPs already present in the table are not removed;
# only the new ones that are missing get added
my %seen;
@seen{ return_ip($spam) } = ();
delete @seen{ return_ip($use_ip) };

foreach ( sort keys %seen ) {
    print "$_\n";
    system( "ipfw", "table", "1", "add", $_ );
}

# Extract every dotted quad from the text, skip any with an octet above 255,
# and return the unique addresses
sub return_ip {
    my ($text) = @_;
    my %hash;
    while ( $text =~ /(\d+\.\d+\.\d+\.\d+)/g ) {
        my $ip = $1;
        next if grep { $_ > 255 } split /\./, $ip;
        $hash{$ip}++;
    }
    return keys %hash;
}

# $pidfile->remove;
# # You can uncomment this so the script
# # does not start a second copy while one is running

exit;
```


----------

