Queue and rules
Cole
cole at acenet.co.za
Sun Dec 14 05:42:25 PST 2003
Hi
I have setup the following queues and pipes.#pipes
$fwcmd pipe 1 config bw 3kbyte/s queue 0.5kbyte
$fwcmd pipe 2 config bw 128kbits/s queue 5Kbyte #outgoing
$fwcmd pipe 3 config bw 128kbits/s queue 5Kbyte #incoming
$fwcmd pipe 4 config bw 64kbits/s queue 5Kbyte #outgoing
$fwcmd pipe 5 config bw 64kbits/s queue 5Kbyte #incoming
#queues
$fwcmd queue 1 config pipe 2 weight 100 queue 10 #outgoing
$fwcmd queue 2 config pipe 2 weight 50 queue 10 #outgoing
$fwcmd queue 3 config pipe 3 weight 100 queue 10 #incoming
$fwcmd queue 4 config pipe 3 weight 50 queue 10 #incoming
I have also added the following 2 rules using the queues 1 and 3.
00202 queue 1 tcp from me to 196.34.*.* out via tun0
00203 queue 3 tcp from 196.34.*.* to me in via tun0
I put the *'s in just privacy sake, i have the full ip entered in the rules.
Now i wanted to block certain ports like ssh to or from that ip. I added the rule below rules 202 and 203, and no matter if i specify, deny all, deny tcp and the port, i can still get to those ports. I.e. if i add "ipfw add 205 deny tcp from me to 196.34.*.* 22" it will still allow me to connect.
I was wondering if its cause of the queue rules matching first and not bothering to check the rest. If this is the problem how do i do bandwidth shaping and then still use blocking/deny rules below those queue rules.
Of if there is another problem that im not seeing or missing, or a solution that you know might work, please let me know.
Im not subscribed to the mailing list so please reply to cole at acenet.co.za .
Thanx
/Cole
More information about the freebsd-ipfw
mailing list