ipfwcache man page on BSDOS

Man page or keyword search:  
man Server   6284 pages
apropos Keyword Search (all sections)
Output format
BSDOS logo
[printable version]

IPFWCACHE(8)		  BSD System Manager's Manual		  IPFWCACHE(8)

NAME
     ipfwcache - set / delete / modify BSD IP Filter address

SYNOPSIS
     ipfwcache [-dv] [-s buckets] [-T tag] [address [...]]

DESCRIPTION
     The ipfwcache utility is used to create and maintain address caches for
     IPFW filters.  An address cache is a hashed list of individual IP ad-
     dresses and can be used to speed up searching of large set of disjoint
     addresses (i.e., network masks are of very little use).  For smaller num-
     ber of addresses is is typically more efficient to allow the filter to
     sequentially search the addresses.

     An address cache can also be used to allow dynamic adding and deletion of
     IP addresses for a particular class of addresses.

     An address cache is always put on the CALL chain and cannot be directly
     invoked.

     With no arguments, a new cache is created.	 When adding addresses the -T
     option must be used to specify which cache should have the new addresses
     added to it.

     The following options are available:

     -d	     Delete rather than add entries.

     -s	     The default number of hash buckets is 997.	 Increasing the number
	     of buckets for very large number of addresses may improve perfor-
	     mance.

     -T	     Specify the tag for this cache.

     -v	     Be noisy while adding new entries.

     When one or more addresses are specified they are inserted into the spec-
     ified cache.  The address may have a trailing netmask attached (e.g.,
     192.168.42.64/28).	 This should be used with caution.  Each address in
     the network is then added.	 For example, 192.168.0.0/16 will add 65,536
     entries to the cache.

FILTER SPECIFIC DATA
     An address cache only checks one IP address.  By default it checks the
     destination address associated with the packet.  By using the filter spe-
     cific data value of 1 the source address is checked.  For instance, sup-
     pose a list of IP addresses associated with "bad guys" is installed in a
     cache with the tag of "bad-guys".	A pre-input filter might be installed
     with

	   call("bad-guys" : 1) { deny; }

     This will deny all packets from the bad guys.  The pre-output filter, to
     prevent us from sending to the bad guys, would then have:

	   call("bad-guys") { deny; }

SEE ALSO
     ipfw(8),  ipfwcmp(8),  ipfwlog(8)

			       January 19, 2000				     1
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server BSDOS

List of man pages available for BSDOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net