Understanding where dummynet fits into an ipfw ruleset

Freddie Cash fjwcash at gmail.com
Fri Jun 27 20:27:14 UTC 2008


I'm trying to figure out how traffic shaping using dummynet fits into
an ipfw ruleset.

Mainly, I'm wondering where to put the "ipfw queue" rules (the ones
that send the packets to dummynet), in relation to the packet
filtering rules, or if it even matters.

For instance, do the queue rules apply to all the rules in the set, or
only to rules that follow after the queue rules (numerically)?

Say I've got a firewall setup that does 1:1 NAT for a bunch of servers
(allow incoming/outgoing traffic), as well as 1:many NAT for the
workstations (allow outgoing) on the LAN.  I want to add traffic
shaping rules that give traffic from the workstations to specific IPs
greater weight than general traffic from the workstations to the
Internet (i.e., reserve 25% of the bandwidth for important services).

Would I put the queue rules at the start of the ruleset or the end?
Or in the middle, just above the rules for the workstations?  Do I add
them after all the bad packet checks and general deny rules that are
at the top of the ruleset?

Just wondering how the queue rules interact with the general packet
filter rules, since they can have the same parameters.

Thanks.
-- 
Freddie Cash
fjwcash at gmail.com


More information about the freebsd-net mailing list