From owner-freebsd-ipfw@FreeBSD.ORG Mon Oct 11 11:02:25 2004
Date: Mon, 11 Oct 2004 11:02:24 GMT
Message-Id: <200410111102.i9BB2OBJ079094@freefall.freebsd.org>
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] kern/60154  ipfw   ipfw core (crash)
o [2004/03/03] kern/63724  ipfw   IPFW2 Queues dont t work
f [2004/03/25] kern/64694  ipfw   [ipfw] UID/GID matching in ipfw non-funct

5 problems total.

Non-critical problems

S  Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw   [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw   ipfw: Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   ipfw: install_state warning about already
o [2004/09/04] kern/71366  ipfw   "ipfw fwd" sometimes rewrites destination

9 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Wed Oct 13 04:18:15 2004
Date: Tue, 12 Oct 2004 23:18:13 -0500
From: "Charles R. Hunter"
To: freebsd-ipfw@freebsd.org
Message-ID: <20041013041813.GH67624@curie.physics.purdue.edu>
Subject: bursting traffic?

Hello!

I'm pretty new to ipfw with respect to using dummynet pipes and
queues for traffic shaping. For the life of me, I can't figure out
how to do something I want:

How to force my interface to burst its traffic.

That is, I want a pipe that has a delay of A and
a bandwidth of B but will stall itself at the *end* of
a count C of slots/bytes/whatever for a defined waiting period D
and then continue.

Do I want a configurable queue delay maybe?

The ipfw/dummynet docs talk about the delay caused by a deep queue
but don't mention a way to explicitly set a delay like you
can for pipes.

Is there any way to accomplish this with multiple pipes and queues
perhaps?

Thanks,

Charles
--
Charles R. Hunter
Director, Physics Computer Network
Purdue University crh XatX physics.purdue.edu

From owner-freebsd-ipfw@FreeBSD.ORG Wed Oct 13 07:35:42 2004
Date: Wed, 13 Oct 2004 00:35:41 -0700
From: Luigi Rizzo
To: "Charles R. Hunter"
Cc: freebsd-ipfw@freebsd.org
Message-ID: <20041013003541.B28421@xorpc.icir.org>
References: <20041013041813.GH67624@curie.physics.purdue.edu>
In-Reply-To: <20041013041813.GH67624@curie.physics.purdue.edu>; from crh@physics.purdue.edu on Tue, Oct 12, 2004 at 11:18:13PM -0500
Subject: Re: bursting traffic?

On Tue, Oct 12, 2004 at 11:18:13PM -0500, Charles R. Hunter wrote:
>
> Hello!
>
> I'm pretty new to ipfw with respect to using dummynet pipes and
> queues for traffic shaping. For the life of me, I can't figure out
> how to do something I want:
>
> How to force my interface to burst its traffic.

you cannot do that with dummynet.
it is designed to smooth traffic out of an interface, not burst it.

cheers
luigi

> That is, I want a pipe that has a delay of A and
> a bandwidth of B but will stall itself at the *end* of
> a count C of slots/bytes/whatever for a defined waiting period D
> and then continue.
>
> Do I want a configurable queue delay maybe?
>
> The ipfw/dummynet docs talk about the delay caused by a deep queue
> but don't mention a way to explicitly set a delay like you
> can for pipes.
>
> Is there any way to accomplish this with multiple pipes and queues
> perhaps?
>
> Thanks,
>
> Charles
> --
> Charles R. Hunter
> Director, Physics Computer Network
> Purdue University crh XatX physics.purdue.edu
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"

From owner-freebsd-ipfw@FreeBSD.ORG Thu Oct 14 23:18:23 2004
Date: Fri, 15 Oct 2004 08:31:40 +0900
From: webmaster@palau.edu
To: ipfw@freebsd.org
Message-Id: <200410142331.i9ENVfo21279@palau.edu>
Subject: Inflex scan report [1015083121232]

Administrator Email Reply Address: webmaster
Email sent to:
debra@palau.edu
Inflex ID: 1015083121232

Report Details -----------------------------------------------
AntiVirus Results...

Antiviral databases were loaded. Known records: 101380

/usr/local/inflex/tmp/in ... 121232/unpacked/_headers_ archive: Mail Berkeley mbox
/usr/local/inflex/tmp/in ... 4 08:18:16 +0900]/UNNAMED archive: Mail
/usr/local/inflex/tmp/in ... 18:16 +0900]/UNNAMED/text archive: Mail
/usr/local/inflex/tmp/in ... 121232/unpacked/textfile0 ok.
/usr/local/inflex/tmp/in ... 121232/unpacked/textfile1 ok.
/usr/local/inflex/tmp/in ... 32/unpacked/injection.zip archive: ZIP
/usr/local/inflex/tmp/in ... ion.zip/injection.rtf.pif infected: I-Worm.NetSky.c
/usr/local/inflex/tmp/in ... 121232/unpacked/textfile2 ok.

Scan process completed.

Sector Objects : 0      Known viruses : 1
Files : 8               Virus bodies : 1
Folders : 1             Disinfected : 0
Archives : 4            Deleted : 0
Packed : 0              Warnings : 0
Suspicious : 0          Speed (Kb/sec) : 29
Corrupted : 0           Scan time : 00:00:01
I/O Errors : 0

File NAME/TYPE Scan Results
1015083121232 from:ipfw@freebsd.org to: debra@palau.edu

END OF MESSAGE.
End.
.

From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 15 18:53:05 2004
Date: Fri, 15 Oct 2004 13:53:02 -0500
From: Andrew Friedley
To: freebsd-ipfw@freebsd.org
Message-id: <20041015185302.GA27894@thor>
Subject: ipfw with bridging

I am looking into using ipfw and bridging on FreeBSD as an alternative to
ebtables and bridging on Linux.

What I need to do is to be able to drop or accept packets based on the
interface they came in on, the interface they are going out on, and their
source MAC address.

Matching on source MAC addresses is no problem, nor is matching on the
interface a packet comes in on. However, I am unable to write a rule that
matches packets going out on a specific interface. Is this possible?

I want to do something like the following, but the rule does not match any
packets:

ipfw add 100 count all from any to any out via xl2 layer2

--
Andrew Friedley
Programmer, ITS Network Services
University of Northern Iowa

From owner-freebsd-ipfw@FreeBSD.ORG Fri Oct 15 20:53:46 2004
Date: Fri, 15 Oct 2004 13:53:10 -0700 (PDT)
From: Jon Simola
To: Andrew Friedley
Cc: freebsd-ipfw@freebsd.org
In-Reply-To: <20041015185302.GA27894@thor>
Message-ID: <20041015134812.A57067-100000@tyberius.abccom.bc.ca>
Subject: Re: ipfw with bridging

On Fri, 15 Oct 2004, Andrew Friedley wrote:

> What I need to do is to be able to drop or accept packets based on the
> interface they came in on, the interface they are going out on, and their
> source MAC address.
>
> Matching on source MAC addresses is no problem, nor is matching on the
> interface a packet comes in on. However, I am unable to write a rule that
> matches packets going out on a specific interface. Is this possible?

Not on a bridge as packets take the bdg_forward path. "out via xl2 layer2"
can only match packets going through ether_output_frame. Check the man page,
there's a great ascii drawing of how it works in the PACKET FLOW section.

You may be able to get some similar functionality to what you desire using
bridge groups.

---
Jon Simola            | "In the near future - corporate networks
Systems Administrator | reach out to the stars, electrons and light
ABC Communications    | flow throughout the universe." -- GITS

From owner-freebsd-ipfw@FreeBSD.ORG Sat Oct 16 16:34:56 2004
Date: Sat, 16 Oct 2004 19:31:48 +0300
From: sid@merlin.com.ua
Reply-To: sid@merlin.com.ua
To: freebsd-ipfw@freebsd.org
Message-ID: <153900873.20041016193148@merlin.com.ua>
Subject: ipfw dynamic bidirect

Hi all.

We have

ipfw add 10 pipe 10 ip from 10.0.0.1 to any in
ipfw add 10 pipe 10 ip from any to 10.0.0.1 out
ipfw pipe 10 config bw 56kbit

Pipe 10 uses a single pipe for in & out (modeling an async 56k modem) for a
single IP.

And what can we do in case we have 10.0.0.0/24 IPs?

ipfw add 10 pipe 10 ip from 10.0.0.0/24 to any in
ipfw pipe 10 config bw 56k mask src-ip 0xffffffff buckets 1024
ipfw add 20 pipe 20 ip from any to 10.0.0.0/24 out
ipfw pipe 20 config bw 56k mask dst-ip 0xffffffff buckets 1024

So there we have a synchronous flow, 56k in + 56k out, but we want to have
speed = in+out < 56k for each IP.

How to realise that? Is it possible to make a firewall for a /24 (/23 /23 etc)
net of IPs without creating one_pipe_for_each_ip?

ipfw add 10 pipe 10 ip from 10.0.0.1 to any in
ipfw add 10 pipe 10 ip from any to 10.0.0.1 out
ipfw pipe 10 config bw 56kbit
.......
ipfw add N pipe N ip from 10.0.0.N to any in
ipfw add N pipe N ip from any to 10.0.0.N out
ipfw pipe N config bw 56kbit

sid@merlin
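
Added example (not part of the message above and not dummynet code): a small Python model of the flow-mask bucketing documented in ipfw(8), run over constructed packets, showing why the two masked pipes give every host one 56k shaper per direction while one unmasked pipe per host makes both directions share a single shaper. The ONE_MASKED variant, the sample packets and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/24")
FULL = 0xFFFFFFFF

# Constructed sample traffic: (src, dst, direction seen by the firewall).
PACKETS = [
    ("10.0.0.1", "192.0.2.10", "in"),      # host .1 sends to peer A
    ("192.0.2.10", "10.0.0.1", "out"),     # peer A sends to host .1
    ("198.51.100.7", "10.0.0.1", "out"),   # peer B sends to host .1
    ("10.0.0.2", "192.0.2.10", "in"),      # host .2 sends to peer A
    ("192.0.2.10", "10.0.0.2", "out"),     # peer A sends to host .2
]


def matches(rule, src, dst, direction):
    """rule = (pipe, src_net, dst_net, direction); a net of None means 'any'."""
    _, src_net, dst_net, rule_dir = rule
    return (rule_dir == direction
            and (src_net is None or ip_address(src) in src_net)
            and (dst_net is None or ip_address(dst) in dst_net))


def shapers_per_host(config, packets=PACKETS):
    """Map each LAN host to the set of (pipe, flow_id) instances shaping it.

    config = (rules, masks); masks maps pipe -> (src_mask, dst_mask), and a
    pipe without an entry is unmasked. The flow id is the masked (src, dst)
    pair, and every distinct flow id gets its own dynamic pipe.
    """
    rules, masks = config
    result = {}
    for src, dst, direction in packets:
        host = src if ip_address(src) in LAN else dst
        for rule in rules:  # model assumption: first matching rule wins
            if matches(rule, src, dst, direction):
                smask, dmask = masks.get(rule[0], (0, 0))
                flow_id = (int(ip_address(src)) & smask,
                           int(ip_address(dst)) & dmask)
                result.setdefault(host, set()).add((rule[0], flow_id))
                break
    return result


def count_per_host(config):
    """Number of independent 56k shapers each LAN host ends up with."""
    return {h: len(s) for h, s in shapers_per_host(config).items()}


def shared_between_hosts(config):
    """Pipe instances that carry traffic of more than one LAN host."""
    seen = {}
    for host, shapers in shapers_per_host(config).items():
        for shaper in shapers:
            seen.setdefault(shaper, set()).add(host)
    return {s for s, hosts in seen.items() if len(hosts) > 1}


# Layout from the message: pipe 10 masked on src-ip, pipe 20 on dst-ip.
TWO_MASKED = ([(10, LAN, None, "in"), (20, None, LAN, "out")],
              {10: (FULL, 0), 20: (0, FULL)})
# Hypothetical variant: both rules feed one pipe masked on src-ip only.
ONE_MASKED = ([(10, LAN, None, "in"), (10, None, LAN, "out")],
              {10: (FULL, 0)})
# One unmasked pipe per host, as in the 10.0.0.1 rules (hosts .1 and .2 here).
PER_HOST = ([(n, ip_network(f"10.0.0.{n}/32"), None, "in") for n in (1, 2)]
            + [(n, None, ip_network(f"10.0.0.{n}/32"), "out") for n in (1, 2)],
            {})

if __name__ == "__main__":
    for name, cfg in (("two masked pipes", TWO_MASKED),
                      ("one src-masked pipe", ONE_MASKED),
                      ("pipe per host", PER_HOST)):
        print(name, count_per_host(cfg), len(shared_between_hosts(cfg)))
```

In the ONE_MASKED variant, outbound packets are bucketed by the remote source address, so downloads of different LAN hosts from the same peer land in one shared pipe instead of being limited per host.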