Date:      Thu, 9 Nov 2000 17:14:29 -0500 (EST)
From:      mdg <mdg@madness.secureworks.net>
To:        Evren Yurtesen <eyurtese@turkuamk.fi>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: Is using dummynet and not loosing the firewall functionality possible?
Message-ID:  <Pine.BSF.4.21.0011091712330.491-100000@madness.secureworks.net>
In-Reply-To: <3A0B17C3.CBB48F2C@turkuamk.fi>

you need to set the following sysctl to 0:

net.inet.ip.fw.one_pass


this will keep the search from terminating.  i sent in a pr to get this
added to rc.conf many moons ago ...


On Thu, 9 Nov 2000, Evren Yurtesen wrote:

::: Date: Thu, 09 Nov 2000 23:31:47 +0200
::: From: Evren Yurtesen <eyurtese@turkuamk.fi>
::: To: freebsd-isp@freebsd.org
::: Subject: Is using dummynet and not loosing the firewall functionality
:::     possible?
::: 
::: I have a little problem over here.
::: I have searched the mailing list archives but couldn't find anything
::: close... I made ipfw,dummynet etc. work perfectly but need a creative
::: idea of the conf file I should use. I sent this to questions but
::: somehow nobody knows the answer. 
::: 
::: I want to limit bandwidth over an interface but also I want to use
::: ipfw's firewall capabilities but the search terminates when ipfw
::: comes to a pipe command which has a match and firewall rules are
::: not checked.
::: 
::: Ok you might say that I can make ipfw continue search after pipe by
::: setting a variable with sysctl and I did that then the problem is that
::: I want users behind this firewall box to connect to X machine without
::: the bandwidth limit and I put 2 rules first to match for the X machine and
::: the second rule is to match anything else but however these users are
::: caught by both of the bandwidth rules if the search doesn't terminate
::: on the first rule. I can handle this if the ipfw terminates the search
::: when it finds a rule though but then I can't use ipfw's firewall
::: capabilities.
::: 
::: Is this a kind of paradox? any creative ideas?
::: 
::: Evren
::: 
::: 
::: To Unsubscribe: send mail to majordomo@FreeBSD.org
::: with "unsubscribe freebsd-isp" in the body of the message
::: 
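
One way to resolve the double match described in the quoted question once net.inet.ip.fw.one_pass is 0, as an added example that is not part of either message: make the two pipe rules mutually exclusive with `not`, so each packet passes through exactly one pipe and then continues to the filter rules. The interface name, addresses, bandwidths, rule numbers and the two filter rules are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. All values below are constructed.
IPFW="${IPFW:-ipfw}"        # set IPFW="echo ipfw" for a dry run
SYSCTL="${SYSCTL:-sysctl}"  # set SYSCTL="echo sysctl" for a dry run
LAN="192.168.1.0/24"        # users behind the firewall box
HOST_X="10.0.0.5"           # the "X machine" with its own pipe
OIF="fxp0"                  # outside interface

load_rules() {
    # 0 = after a pipe, the packet re-enters the ruleset at the next rule
    # instead of being accepted, so the filter rules below are still checked.
    $SYSCTL -w net.inet.ip.fw.one_pass=0

    $IPFW pipe 1 config bw 10Mbit/s     # traffic to HOST_X
    $IPFW pipe 2 config bw 256Kbit/s    # everything else

    # Mutually exclusive matches: "not" keeps HOST_X traffic out of pipe 2,
    # so no packet is shaped twice even though the search continues.
    $IPFW add 100 pipe 1 ip from $LAN to $HOST_X out via $OIF
    $IPFW add 200 pipe 2 ip from $LAN to not $HOST_X out via $OIF

    # Filter rules, reached only because one_pass is 0.
    $IPFW add 1000 deny tcp from any to any 135-139 out via $OIF
    $IPFW add 1100 allow ip from $LAN to any out via $OIF
}

# Apply only when asked, so sourcing or a dry run changes nothing.
if [ "${1:-}" = "apply" ]; then
    load_rules
fi
```

With one_pass left at 1, rules 1000 and 1100 would never see the shaped traffic, because a packet leaving a pipe is accepted immediately.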
