per protocol bandwidth filters for firewall

Odhiambo ワシントン odhiambo at
Mon May 4 16:49:16 UTC 2009

On Mon, May 4, 2009 at 6:33 PM, Tamar Lea <tamarlea at> wrote:

> Hello all,
> I have inherited the job of maintaining a FreeBSD firewall that sits behind
> an ADSL line that connects 128 clients to the internet. I have not used
> FreeBSD before but have some linux experience. The connections must be
> always on though I am allowed to reboot if absolutely necessary. It is
> using
> ipfilter and ipnat. There have been issues with clients taking up too much
> bandwidth, so after several hours of careful testing I managed to redirect
> all traffic on port 80 to a squid service using ipnat. This uses delay
> pools
> to limit the max speed per user. However I would also like to limit the max
> speed per user for streaming traffic on port 1935. Would this be possible
> with the current setup and what programs or config would be able to do the
> job?

If you consider PF+ALTQ, you will be able to do what IPFilter/IPNAT is doing
now and much more - just like you desire. You will also find it quite easy
to convert the current firewall/nat rules into PF syntax.

Best of luck!

Best regards,
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Clothes make the man.  Naked people have little or no influence on
              -- Mark Twain

More information about the freebsd-questions mailing list