Date: Wed, 19 Apr 2000 03:43:23 -0700 (PDT) From: Jaye Mathisen <mrcpu@internetcds.com> To: freebsd-net@freebsd.org Subject: IPFW comments, and a question... Message-ID: <Pine.BSF.4.21.0004190337580.7199-100000@schizo.cdsnet.net>
next in thread | raw e-mail | index | archive | help
Any reason the rule increment # can't be changed to something smaller like 10, or 20, rather than 100? If you add a lot of rules, you can burn up good size chunk of the available space in a hurry, even though it's pretty sparsely used. Maybe a sysctl frob? (Guess that would depend on when rc.sysctl is read wrt rc.firewall). I'm experimenting with the dummynet bandwidth stuff. A couple minor issues. 1) Everything passing through dummynet seems Peachy keeno, except ICMP traffic seems to pick up 40-50ms of delay, yet there's no delay configured on anything icmp related. Normal TCP/UDP traffic is going through fine. 2) Are all pipe rules scanned before pass/deny rules? Because when configuring a lot of pipes, there seems to be no way to assign rule numbers to a pipe, which makes figuring out where pass/deny rules should go if the number of pipes change. Other than those issues, it seems to work just peachy. I do not believe I am on this list, so please CC me in any response. FreeBSD 4.0-STABLE, compiled a few days ago. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004190337580.7199-100000>