Ipfw accept rule

NetAdmin daemon at foxchat.net
Thu Sep 23 12:15:39 PDT 2004


Here are my dummynet rules.  Not sure if they exactly work or not
but they keep my kids from using all the upstream bandwidth.
If anyone has a better way, please by all means let me know.  The only
thing I'm not sure of is where it goes in the rule set.  Here is where
I have mine and how it is set up.  Hope this helps.

	case ${natd_enable} in
	[Yy][Ee][Ss])
		if [ -n "${natd_interface}" ]; then
			${fwcmd} add divert natd all from any to any via ${natd_interface}
		fi
		;;
	esac

	${fwcmd} add skipto 20000 ip from any to any bridged

#---------------------- DUMMYNET Config --------------------------
#
	${fwcmd} add pipe 1 { tcp or udp } from ${iip1} to any 80-65000
	${fwcmd} pipe 1 config mask src-ip 0xffffff00 bw 384Kbit/s queue 20Kbytes
#
	${fwcmd} add pipe 2 ip from ${iip1} to any out
	${fwcmd} pipe 2 config mask src-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes
#
	${fwcmd} add pipe 3 ip from any to ${iip1} in
	${fwcmd} pipe 3 config mask dst-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes

${iip1} = 192.168.1.0/24

I used "whatmask" in /usr/ports/net-mgmt/whatmask to help figure out
what the netmask was for my subnet in case you use a different subnet
than I.


On Thu, 2004-09-23 at 02:48, Bikrant Neupane wrote:

> Hi,
>  When a packet hits "allow | accept | pass | permit" rule the packet is 
> accepted and the search is terminated at that point.
> 
> I need to accept the packet but still want the packet to continue traversing
> rules further below. However, once it hits "deny | drop" rule it should be 
> dropped and the search should terminate at that point. Is that possible with 
> IPFW?
> 
> regards,
> Bikrant

-- 
NetAdmin for the FoxChat.Net IRC Network.
The FoxSurfer Group
More information about the freebsd-isp mailing list
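
The `mask src-ip 0xffffff00` option in the pipe configs above decides how dummynet splits traffic into dynamic pipes: one pipe, each with the configured bandwidth, per distinct value of (source address AND mask). The sketch below is an added example, not part of the original message; the helper names are hypothetical and the host addresses are constructed. It models that grouping for 192.168.1.0/24 and compares the posted mask with a per-host mask of 0xffffffff.

```shell
#!/bin/sh
# Added illustration: model of dummynet's flow-mask grouping.
# ip_to_int, flow_id and count_pipes are hypothetical helper names.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Flow identifier dummynet would derive: address AND mask.
# $1 = IPv4 address, $2 = mask as written in "mask src-ip <mask>"
flow_id() {
    echo $(( $(ip_to_int "$1") & $2 ))
}

# Number of dynamic pipes created for a set of source hosts.
# $1 = mask, remaining arguments = source addresses
count_pipes() {
    mask=$1; shift
    for ip in "$@"; do
        flow_id "$ip" "$mask"
    done | sort -u | wc -l | tr -d ' '
}

# Constructed sample hosts inside the poster's 192.168.1.0/24 subnet.
HOSTS="192.168.1.10 192.168.1.11 192.168.1.200"

for m in 0xffffff00 0xffffffff; do
    n=$(count_pipes "$m" $HOSTS)
    echo "mask $m: $n dynamic pipe(s) of 384Kbit/s for 3 hosts"
done
```

With the posted mask every host in the /24 lands in the same dynamic pipe and shares its bandwidth, so one busy host can still crowd out the others; a mask of 0xffffffff gives each source address its own pipe.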