using ipfw and ipf/ipnat together

Nelis Lamprecht nelis at 8ball.co.za
Mon Feb 16 23:58:02 PST 2004


Hi,

I would like to make use of the ipfw/dummynet traffic shaper and use it
together with ipnat/ipf's filtering. Hope this is possible? This is a
personal preference, so no need to tell me why I should just use ipfw
etc.

Can someone suggest what I would or would not need to use in my rc.conf
and kernel, please? I have selected the following (FreeBSD 5.2R):

rc.conf:

ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_program="/sbin/ipmon"
ipmon_flags="-Dsvn"
ipnat_enable="YES"

kernel config:

options         IPFILTER                #ipfilter support
options         IPFILTER_LOG            #ipfilter logging
options         PFIL_HOOKS              #required by IPFILTER
options         IPFILTER_DEFAULT_BLOCK  #block all packets by default
options         IPFIREWALL              #firewall
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         DUMMYNET                #bandwidth limiter
options         IPSTEALTH               #support for stealth forwarding

Seeing as though I'm not using ipfw filtering I thought I could just
allow everything through by default. Will dummynet still work if
IPFIREWALL_DEFAULT_TO_ACCEPT is set?

Any suggestions appreciated.

Thanks.

-- 
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."