[with additional question] Re: ipfw//dummynet question
nkinkade at ub.edu.bz
Wed Feb 25 06:44:06 PST 2004
On Wed, Feb 25, 2004 at 06:47:30AM +0100, Hugo (6s-gaming.com) wrote:
> Hi list,
> Say I want to limit the bandwidth from all inside my lan to the outside.
> I'd create the pipes and make 2 rules to pipe any traffic (in&out). My
> question is, would creating these 2 rules make all traffic be promptly
> accepted, or would they be accepted or blocked based on the rest of the
> ruleset? If they're accepted upon the pipe rule, how to make they be piped
> BUT only accepted if they match any of the rules on the ruleset? Do I need
> to create pipe rules for _everything_ ?
If I understand your question, you can have any number of rules that all
use a single pipe. For example, you could have something like:
ipfw add pipe 1 ip from 10.0.0.0/24 to any dst-port 3333
ipfw add pipe 1 ip from 10.0.0.0/24 to www.somedomain.com
ipfw add pipe 1 ip from 10.0.1.50 to any
And maybe pipe 1 is configured as such:
pipe 1 config bw 50Kbyte/s
This actually brings me to a question of my own. The ipfw manpage talks
about making sure to keep in mind that packets are checked both 'in' and
'out'. I see that some people have implemented bandwidth rules using 2
separate rules for in and out. I have a setup that uses a 'keep-state'
on a single 'in' rule and it seems to work fine. What is the effective
or functional difference between using two separate rules for in and out
or a single rule using a keep-state? Is one more efficient than
another, or would the two do totally different things?
gpg --keyserver pgp.mit.edu --recv-keys D8527E49
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040225/5424fbb0/attachment.bin
More information about the freebsd-questions