Date:      Sun, 15 Aug 2004 15:54:36 -0400
From:      Barney Wolff <barney@databus.com>
To:        Fargo Holiday <galaxy.ranger@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: [FreeBSD 5.2] Bandwith and packet throttling
Message-ID:  <20040815195436.GA25279@pit.databus.com>
In-Reply-To: <4a1299a4040815113178caa332@mail.gmail.com>
References:  <4a1299a404081414287a9ecbc@mail.gmail.com> <20040815104243.GA43915@shellma.zin.lublin.pl> <4a1299a4040815113178caa332@mail.gmail.com>

On Sun, Aug 15, 2004 at 11:31:07AM -0700, Fargo Holiday wrote:
> 
> cramster# ipfw show
> 00050 14819576  8458459132 divert 8668 ip from any to any via dc0
> 00100      250       32470 allow ip from any to any via lo0
> 00200        0           0 deny ip from any to 127.0.0.0/8
> 00300        0           0 deny ip from 127.0.0.0/8 to any
> 65000 44478701 31835950367 allow ip from any to any
> 65100        0           0 pipe 1 ip from 10.0.0.8 to any
> 65200        0           0 pipe 2 ip from any to 10.0.0.8
> 65535        0           0 deny ip from any to any

man ipfw will point out that the first allow or deny that "hits"
terminates rule processing.  Perhaps you're more familiar with other
firewalls, where this sensible design is not the normal case.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
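
The first-match behaviour described in the reply can be checked mechanically. The following is an added example, not part of the original message: it parses the `ipfw show` listing quoted above and reports which rules sit behind an unconditional `allow` or `deny`. The function names are hypothetical, and the check assumes only an exact `ip from any to any` match with no further options shadows everything after it.

```python
import re

# Constructed input: the `ipfw show` listing quoted in the message above.
IPFW_SHOW = """\
00050 14819576  8458459132 divert 8668 ip from any to any via dc0
00100      250       32470 allow ip from any to any via lo0
00200        0           0 deny ip from any to 127.0.0.0/8
00300        0           0 deny ip from 127.0.0.0/8 to any
65000 44478701 31835950367 allow ip from any to any
65100        0           0 pipe 1 ip from 10.0.0.8 to any
65200        0           0 pipe 2 ip from any to 10.0.0.8
65535        0           0 deny ip from any to any
"""

TERMINAL = {"allow", "deny"}   # actions the reply says end rule processing
WITH_ARG = {"divert", "pipe"}  # actions followed by one argument

def parse(listing):
    """Turn `ipfw show` lines into dicts: num, packets, action, match."""
    rules = []
    for line in listing.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+)\s+(\d+)\s+(.+)$", line)
        if not m:
            continue
        tokens = m.group(4).split()
        n = 2 if tokens[0] in WITH_ARG else 1
        rules.append({"num": int(m.group(1)), "packets": int(m.group(2)),
                      "action": " ".join(tokens[:n]),
                      "match": " ".join(tokens[n:])})
    return rules

def shadowed(rules):
    """Return (catch-all rule, rules after it), or (None, []) if none."""
    for i, r in enumerate(rules):
        # Assumption: only an option-free any-to-any match is a catch-all.
        if r["action"] in TERMINAL and r["match"] == "ip from any to any":
            return r, rules[i + 1:]
    return None, []

if __name__ == "__main__":
    blocker, hidden = shadowed(parse(IPFW_SHOW))
    if blocker:
        print(f"rule {blocker['num']:05d} ({blocker['action']}) matches everything")
        for r in hidden:
            print(f"  never reached: {r['num']:05d} {r['action']} "
                  f"{r['match']} (packets={r['packets']})")
```

The zero packet counters on every rule it reports are consistent with those rules never being evaluated.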


