Help With ipfw Rules

Tim Daneliuk tundra at
Thu Jul 31 18:40:18 UTC 2014

I am working on a FreeBSD 10-STABLE machine that has two NICs:

    re0  - Connects to the internet
    em0  - NATs to a private flat Class C LAN  (192.168...)

There is already an IPFW ruleset in place, primarily to control
who can get in via re0 - pretty much anything is allowed out from
the FreeBSD machine itself and from the 192 network.

I need to add a few additional ipfw rules to do the following:

1) Bandwidth shaping/management.   I need to ensure that the total
    amount of bandwidth being used by hosts on the LAN never exceeds,
    say, 3 mb/sec down and 1 mb/sec up.  Then I need a similar rule
    for traffic originating ON the FreeBSD box itself.

2) I need to create rules that permit a VOIP phone to plug in on
    the NATed LAN and still work properly.

I am somewhat familiar with ipfw, having set up the original rule set,
but I am a bit unclear on how to do these two things. The help of
some kind soul with the expertise would be most appreciated ...

Tim Daneliuk     tundra at
PGP Key:

