From: Nathan Kinkade
To: Bikrant Neupane
Cc: freebsd-questions@freebsd.org
Date: Thu, 23 Sep 2004 09:10:49 -0600
Subject: Re: Ipfw accept rule

On Thu, Sep 23, 2004 at 01:36:57PM +0545, Bikrant Neupane wrote:
> Thanks for the reply.
> Well I am not looking for the count rule.
>
> Actually I have some other situation. I am trying to implement b/w shaping
> using ipfw. And I am trying to include mac address based filtering in it as
> well. As long as I don't implement ipfw in ether (net.link.ether.ipfw=0/1)
> pkts hit the rule only once and I get the b/w as specified in the IPFW pipe
> syntax. However when I enable ipfw in ether all the pkts hit the matching
> rule twice, and as a result I get half of the b/w to what has been specified
> in ipfw pipe.
> This is normal (as mentioned in ipfw man page) since pkt traversal is
> doubled when IPFW is enabled in ether.
>

Would the following sysctl variable help your problem?  From the ipfw
manpage:

net.inet.ip.fw.one_pass: 1
        When set, the packet exiting from the dummynet(4) pipe is not
        passed through the firewall again.  Otherwise, after a pipe action,
        the packet is reinjected into the firewall at the next rule.

Nathan

-- 
PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
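Added example, not part of the original message or of ipfw's own documentation: a dry-run shell script that emits a ruleset using ipfw(8)'s `layer2` match option to keep MAC filtering on the Ethernet-layer pass and the pipe on the IP-layer pass, with `net.inet.ip.fw.one_pass` set as suggested above. The rule numbers, pipe number, interface name, MAC address and bandwidth are constructed values.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: rule numbers,
# pipe number, bandwidth, interface name and MAC address.
# Dry run by default: commands are printed. APPLY=1 runs them (root, FreeBSD).

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# $1 = inside interface, $2 = allowed client MAC, $3 = pipe bandwidth
shaper_rules() {
    inside_if="$1"; client_mac="$2"; bw="$3"

    run sysctl net.link.ether.ipfw=1       # also call ipfw at the Ethernet layer
    run sysctl net.inet.ip.fw.one_pass=1   # do not re-enter the ruleset after a pipe

    run ipfw pipe 1 config bw "$bw"

    # Ethernet-layer pass (layer2): MAC filtering only, no pipe here.
    # "MAC dst src": any destination, source must be the known client.
    run ipfw add 100 allow all from any to any layer2 in via "$inside_if" MAC any "$client_mac"
    run ipfw add 110 deny all from any to any layer2 in via "$inside_if"
    run ipfw add 120 allow all from any to any layer2

    # IP-layer pass (not layer2): shaping only, so each packet meets the
    # pipe rule on one pass instead of two.
    run ipfw add 200 pipe 1 all from any to any not layer2 out via "$inside_if"
}

# Stand-alone use: sh shaper.sh em1 00:11:22:33:44:55 512Kbit/s
if [ "$#" -eq 3 ]; then
    shaper_rules "$@"
fi
```

Review the printed commands before setting APPLY=1, and apply them from a console session: rule 110 drops inbound frames from every other MAC on that interface.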