From owner-freebsd-doc@FreeBSD.ORG Thu Jan 10 07:50:03 2008 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3E4EB16A41A for ; Thu, 10 Jan 2008 07:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 11D6B13C465 for ; Thu, 10 Jan 2008 07:50:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m0A7o2qd029137 for ; Thu, 10 Jan 2008 07:50:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m0A7o2Cn029136; Thu, 10 Jan 2008 07:50:02 GMT (envelope-from gnats) Date: Thu, 10 Jan 2008 07:50:02 GMT Message-Id: <200801100750.m0A7o2Cn029136@freefall.freebsd.org> To: freebsd-doc@FreeBSD.org From: Marc Silver Cc: Subject: Re: docs/113464: Error regarding IPF and ALTQ in handbook X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Marc Silver List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jan 2008 07:50:03 -0000 The following reply was made to PR docs/113464; it has been noted by GNATS. From: Marc Silver To: bug-followup@FreeBSD.org, josh@tcbug.org Cc: Subject: Re: docs/113464: Error regarding IPF and ALTQ in handbook Date: Thu, 10 Jan 2008 09:46:38 +0200 --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi there, I've done a bit of research into this and from what I can see, there is no direct support for ALTQ in IPFILTER itself. However, everything I could find suggests that ALTQ/PF or DUMMYNET/IPFW can be used in conjunction with IPFILTER, provided that one is dedicated to traffic shaping and the other to filtering and NAT. To that end I've mangled the firewall chapter to update the information surrounding this particular issue. Hope this helps, Cheers, Marc --HcAYCG3uE/tztfnV Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="firewall-chapter.sgml.patch" --- chapter.sgml.orig 2008-01-10 08:46:33.000000000 +0200 +++ chapter.sgml 2008-01-10 09:35:19.000000000 +0200 @@ -151,12 +151,16 @@ PF). &os; also has two built in packages for traffic shaping (basically controlling bandwidth usage): &man.altq.4; and &man.dummynet.4;. Dummynet has traditionally been - closely tied with IPFW, and - ALTQ with - IPF/PF. IPF, - IPFW, and PF all use rules to control the access of packets to and - from your system, although they go about it different ways and - have different rule syntaxes. + closely tied with IPFW, while + ALTQ may be used with PF. + Traffic shaping can currently be achieved with + IPFILTER by using IPFILTER + for filtering and NAT in conjunction with IPFW + and dummynet or PF with + ALTQ for traffic shaping. IPF IPFW, and PF all + use rules to control the access of packets to and from your system, + although they go about it different ways and have different rule + syntaxes. The reason that &os; has multiple built in firewall packages is that different people have different requirements and --HcAYCG3uE/tztfnV--