Date: Thu, 09 Nov 2000 23:31:47 +0200 From: Evren Yurtesen <eyurtese@turkuamk.fi> To: freebsd-isp@freebsd.org Subject: Is using dummynet and not loosing the firewall functionality possible? Message-ID: <3A0B17C3.CBB48F2C@turkuamk.fi>
next in thread | raw e-mail | index | archive | help
I have a little problem over here. I have searched the mailing list archives but couldnt find anything close... I made ipfw,dummynet etc. work perfectly but need a creative idea of the conf file I should use. I sent this to questions but somehow nobody knows the answer. I want to limit bandwidth over an interface but also I want to use ipfw's firewall capabilities but the search terminates when ipfw comes to a pipe command which has a match and firewall rules are not checked. Ok you might say that I can make ipfw continue search after pipe by setting a variable with sysctl and I did that then then problem is that I want users behind this firewall box to connect to X machine without the bandwidth limit and I put 2 rules first to match for the X machine and the second rule is to match anything else but however these users are caught by both of the bandwidth rules if the search doesnt terminate on the first rule. I can handle this if the ipfw terminates the search when it finds a rule though but then I cant use ipfw's firewall capabilities. Is this a kind of paradox? any creative ideas? Evren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A0B17C3.CBB48F2C>