From: "clemens fischer"
To: "Sereciya Kurdistani"
Cc: freebsd-ipfw@freebsd.org
Date: 7 Apr 2003 09:41:29 +0200
Subject: Re: Sereciya :: Prioritizing empty TCP ACKs... OpenBSD pf -> FreeBSD ipfw Translation
Message-ID: <4r5aoity.fsf@ID-23066.news.dfncis.de>
In-Reply-To: <20030406174116.GC15115@kurdistan.ath.cx> (Sereciya Kurdistani's message of "Sun, 6 Apr 2003 10:41:16 -0700")

Sereciya Kurdistani:

> Suggestions, recommendations & corrections gladly accepted; send
> em over!

i'd suggest you start with something different: spend some time setting up scripts allowing you to test firewall rules with frequent changes. the more you invest in this, the better you can experiment.

note that ipfw allows you to log every rule firing, it has options to list the rules together with the last time they fired.

just found an example in /usr/share/examples/ipfw/change_rules.sh. you will find a lot more examples, especially on traffic shaping using dummynet(4), in the documentation for ipa, and you'll find examples for it in examples/ipa/. if you have this nifty tool installed, that is.

clemens
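
One way to build the kind of rule-testing script suggested in the message above, as an added example that is not part of the original message and is not the code of change_rules.sh. The names IPFW, WAIT_SECS, the function names, the confirm-file convention and all file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: load a candidate ipfw ruleset, roll back unless confirmed.
# Hypothetical names (not from the message): IPFW, WAIT_SECS, the function
# names, the confirm-file convention and every file path.

IPFW=${IPFW:-/sbin/ipfw}     # overridable so the logic can be dry-run
WAIT_SECS=${WAIT_SECS:-30}   # time the tester has to confirm

# Replace the active ruleset with the commands in rules file $1
# (ipfw wants an absolute pathname for a rules file).
load_rules() {
    $IPFW -q -f flush && $IPFW -q "$1"
}

# Poll up to WAIT_SECS for confirm file $1. Creating it from a *new* login
# session shows that the candidate rules still let the administrator in.
wait_confirm() {
    i=0
    while [ "$i" -lt "$WAIT_SECS" ]; do
        [ -e "$1" ] && return 0
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# try_rules KNOWN_GOOD CANDIDATE CONFIRM_FILE
# Returns 0 if the candidate was kept, 1 if the known-good set was restored.
try_rules() {
    rm -f "$3"
    if ! load_rules "$2"; then
        load_rules "$1"              # candidate did not load: restore
        return 1
    fi
    kept=1
    wait_confirm "$3" && kept=0
    # Keep a listing with last-match timestamps to see which rules fired.
    $IPFW -t list > "$2.fired"
    [ "$kept" -eq 0 ] || load_rules "$1"
    return "$kept"
}

# Stand-alone use: sh try_rules.sh /etc/ipfw.good /etc/ipfw.new /tmp/ipfw.ok
if [ $# -eq 3 ]; then
    try_rules "$1" "$2" "$3"
fi
```

Run it detached (for example under nohup) so that a dropped login session does not kill the script before it can roll back.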