Date: Thu, 9 Nov 2000 16:57:34 -0500
From: "Troy Settle" <troy@psknet.com>
To: "Evren Yurtesen" <eyurtese@turkuamk.fi>, <freebsd-isp@freebsd.org>
Subject: RE: Is using dummynet and not loosing the firewall functionality possible?
Message-ID: <BFEGKDHLHDNOJEIHJDBACEHMCAAA.troy@psknet.com>
In-Reply-To: <3A0B17C3.CBB48F2C@turkuamk.fi>

Here's what I have set up and working perfectly:

00100 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
00100 pipe 1000 ip from any to any via ed1
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any

HTH,

--
Troy Settle
Pulaski Networks
540.994.4254

It's always a long day, 86400 doesn't fit into a short

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Evren Yurtesen
> Sent: Thursday, November 09, 2000 4:32 PM
> To: freebsd-isp@freebsd.org
> Subject: Is using dummynet and not loosing the firewall functionality
> possible?
>
>
> I have a little problem over here.
> I have searched the mailing list archives but couldn't find anything
> close... I made ipfw, dummynet etc. work perfectly but need a creative
> idea of the conf file I should use. I sent this to questions but
> somehow nobody knows the answer.
>
> I want to limit bandwidth over an interface but also I want to use
> ipfw's firewall capabilities but the search terminates when ipfw
> comes to a pipe command which has a match and firewall rules are
> not checked.
>
> Ok you might say that I can make ipfw continue search after pipe by
> setting a variable with sysctl and I did that, then the problem is that
> I want users behind this firewall box to connect to X machine without
> the bandwidth limit and I put 2 rules, first to match for the X machine
> and the second rule is to match anything else, but however these users
> are caught by both of the bandwidth rules if the search doesn't terminate
> on the first rule. I can handle this if the ipfw terminates the search
> when it finds a rule though but then I can't use ipfw's firewall
> capabilities.
>
> Is this a kind of paradox? Any creative ideas?
>
> Evren
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
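
Added example (not part of the original messages, and not FreeBSD code): a simplified Python model of ipfw's rule search, showing the behaviour described in the question, where a matching pipe rule ends the search unless the sysctl net.inet.ip.fw.one_pass is 0, and how a skipto rule lets traffic to host X bypass the pipe while still reaching the filter rules. The addresses, ports, rule and pipe numbers, and the deny-by-default final rule are assumptions.

```python
# Simplified model of ipfw rule traversal. Added example, not FreeBSD code.
# Addresses, ports, rule and pipe numbers are constructed for illustration.
HOST_X = "192.0.2.10"          # assumed address of the unthrottled "X machine"

def to_x(p): return p["dst"] == HOST_X
def any_pkt(p): return True
def telnet(p): return p["dport"] == 23   # stand-in for a firewall rule

# The two-pipe layout from the question: (number, action, argument, match)
NAIVE = [(100, "pipe", 1, to_x),
         (200, "pipe", 2, any_pkt),
         (300, "deny", None, telnet),
         (65000, "allow", None, any_pkt)]

# One pipe, with a skipto so traffic to X jumps over it to the filter rules
FIXED = [(100, "skipto", 300, to_x),
         (200, "pipe", 2, any_pkt),
         (300, "deny", None, telnet),
         (65000, "allow", None, any_pkt)]

def evaluate(rules, pkt, one_pass):
    """Return (verdict, pipes traversed) for one packet."""
    pipes, i = [], 0
    while i < len(rules):
        num, action, arg, match = rules[i]
        if not match(pkt):
            i += 1
        elif action == "pipe":
            pipes.append(arg)
            if one_pass:               # net.inet.ip.fw.one_pass=1
                return "allow", pipes  # search ends at the pipe rule
            i += 1                     # one_pass=0: resume at the next rule
        elif action == "skipto":       # continue at first rule numbered >= arg
            i = next((j for j, r in enumerate(rules) if r[0] >= arg), len(rules))
        else:
            return action, pipes       # allow / deny end the search
    return "deny", pipes               # assumes the default rule is deny

if __name__ == "__main__":
    web_x = {"dst": HOST_X, "dport": 80}
    tel_y = {"dst": "198.51.100.7", "dport": 23}
    print(evaluate(NAIVE, tel_y, True))    # filter rule never reached
    print(evaluate(NAIVE, web_x, False))   # X caught by both pipes
    print(evaluate(FIXED, web_x, False))   # X unthrottled, still filtered
    print(evaluate(FIXED, tel_y, False))   # throttled and filtered
```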