ipfw: limit bandwidth

Коньков Евгений kes-kes at yandex.ru
Wed Jan 27 16:40:59 UTC 2010

Hello, Martin.

First of all you must decide you want your shaper rule act as allow
rule or not:
kes# sysctl -a | grep one_pass
net.inet.ip.fw.one_pass: 0 or 1

man ipfw
     pipe pipe_nr
             Pass packet to a dummynet(4) ``pipe'' (for bandwidth limitation,
             delay, etc.).  See the TRAFFIC SHAPER (DUMMYNET) CONFIGURATION
             Section for further information.  The search terminates; however,
             on exit from the pipe and if the sysctl(8) variable
             net.inet.ip.fw.one_pass is not set, the packet is passed again to
             the firewall code starting from the next rule.

Second you do not need to put packet to pipe and to queue at same

use pipe to just limit rate or use queue to limit rate and process
groups of packets in round robin manner. packets are grouped my mask

pipe is like this:

queue is like this:

some doc:
translated by google:

MS> Hello

MS> I use FreeBSD 7.2 on a amd64. I want to limit the bandwidth thru
MS> this machine. Here is the relevante part of /etc/rc.firewall

MS> [snip]
MS> $ipfwcmd pipe 1 config bw 80kByte/s
MS> $ipfwcmd add pipe 1 ip from any to{100-254} via em1

MS> $ipfwcmd queue 1 config pipe 1 weight 1 mask dst-ip 0xffffffff
MS> $ipfwcmd add queue 1 all from any to{100-254} via em1
MS> [snip]

MS> I generate this from different sources but it seems that it is not working. What do I'm wrong?

MS> Here the part from ipfw show:

MS> 00100       0          0 check-state
MS> 00200   24327    1497881 pipe 1 ip from any to{100-254} via em1
MS> 00300       0          0 queue 1 ip from any to{100-254} via em1
MS> [snip]

MS> Regards,

С уважением,
 Коньков                          mailto:kes-kes at yandex.ru

More information about the freebsd-questions mailing list