packet order, ipf or ipfw
Jeremie Le Hen
jeremie.le-hen at epita.fr
Thu Jul 29 00:39:53 PDT 2004
Hello Charlie,
> I'm running ipf because I like it ...but now I need to use ipfw's pipe
> feature. I was thinking that I could just run both, and keep all my
> rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow all.
>
> It didn't work (no rate-limiting happened).. and I'm thinking that ipf
> is passing the packets and bypassing ipfw? Or something..
>
> So, what is the order, if I'm running ipf AND ipfw at the same time?
> Will it work at all in this manner?
Max Laier told you about FreeBSD 5.x which includes PFIL_HOOKS, but
since you did not mention whether you are using -STABLE or -CURRENT.
AFAIK, ipf takes precedence on ipfw for incoming packets on -STABLE,
and this is of course symmetric for outgoing ones.
But you should be warned that using ipnat(8) in conjunction to ipfw
pipes may lead to an incorrect behaviour :
http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61685
Hackers, is this bug still alive in -CURRENT ?
Best regards,
--
Jeremie LE HEN aka TtZ/TataZ jeremie.le-hen at epita.fr
ttz at epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
More information about the freebsd-net
mailing list