Date: Fri, 24 Sep 2004 08:37:38 -0700 (PDT) From: Jon Simola <jon@abccom.bc.ca> To: Bikrant Neupane <bikrant_ml@wlink.com.np> Cc: freebsd-questions@freebsd.org Subject: Re: Ipfw accept rule Message-ID: <20040924083040.N60082-100000@tyberius.abccom.bc.ca> In-Reply-To: <200409241548.14313.bikrant_ml@wlink.com.np>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 24 Sep 2004, Bikrant Neupane wrote:
> > > Well, I have no problem with the MAC filtering rules.
> > > Only problem that I am having is that the pkts hit the matching rule
> > > twice as a result I get only half of the b/w than that specified in ipfw
> > > pipe command.
Yes, the packets will hit the pipe twice. Once at layer2 and once at
layer3. You're not stopping the packets from passing through a pipe simply
by leaving out a "layer2" from the rule.
ether_input -> ipfw -> ip_input -> ipfw -> network stack
> > > Isn't there a way to construct rules such that matching pkts hit the rule
> > > only once?
Write your ruleset appropriately, or stick "not layer2" on your pipe
rules.
---
Jon Simola <jon@abccom.bc.ca> | "In the near future - corporate networks
Systems Administrator | reach out to the stars, electrons and light
ABC Communications | flow throughout the universe." -- GITS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040924083040.N60082-100000>