Date: Mon, 29 Jul 2019 13:59:57 -0400 From: mike tancsa <mike@sentex.net> To: Paul Webster <paul.g.webster@googlemail.com>, "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: Re: pf and dummynet Message-ID: <faf7421f-1c00-d7b3-e778-411d99bf9781@sentex.net> In-Reply-To: <5d3f305f.1c69fb81.90047.531f@mx.google.com> References: <d68129cd-40a4-e065-32c3-3f574eca537e@sentex.net> <5d3f305f.1c69fb81.90047.531f@mx.google.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks, I have pf compiled in for now, and then load dummynet and ipfw as a kld. On 7/29/2019 1:44 PM, Paul Webster wrote: > > You can mix ipfw and pf, but beware of the order they are loaded (The > first one loaded is inside the second one loaded) – it may be better > in fact to compile them both in the kernel. > > > > You basically end up with: (pf)(ipfw)(system)(ipfw)(pf) – assuming pf > was loaded first > > > > Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986>; for > Windows 10 > > > > *From: *mike tancsa <mailto:mike@sentex.net> > *Sent: *29 July 2019 17:06 > *To: *freebsd-pf@freebsd.org <mailto:freebsd-pf@freebsd.org> > *Subject: *pf and dummynet > > > > I have a box I need to shape inbound and outbound traffic. It seems altq > > can only shape outbound packets and not limit inbound ? If thats the > > case, what is the current state of mixing ipfw, dummynet and pf ? > > Writing large complex firewall rules works better from a readability POV > > (for us anyways) so I really prefer to use it. But I need to prevent zfs > > replication eating up BW over some WAN links, and dummynet seems to > > "just work" > > > > For ipfw I have > > > > > > 00010 6640359 9959147882 pipe 1 tcp from 192.168.128.0/20 to any > > 01000 3486901 228480912 allow ip from any to any > > > > and then checking my pf.conf rules, it seems to block and pass traffic > > as expected. > > > > Is there anything I should explicitly check ? > > > > ---Mike > > > > _______________________________________________ > > freebsd-pf@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-pf > > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?faf7421f-1c00-d7b3-e778-411d99bf9781>