Date: Sun, 15 Aug 2004 15:54:36 -0400
From: Barney Wolff
To: Fargo Holiday
cc: freebsd-net@freebsd.org
Subject: Re: [FreeBSD 5.2] Bandwith and packet throttling

On Sun, Aug 15, 2004 at 11:31:07AM -0700, Fargo Holiday wrote:
>
> cramster# ipfw show
> 00050 14819576 8458459132 divert 8668 ip from any to any via dc0
> 00100 250 32470 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65000 44478701 31835950367 allow ip from any to any
> 65100 0 0 pipe 1 ip from 10.0.0.8 to any
> 65200 0 0 pipe 2 ip from any to 10.0.0.8
> 65535 0 0 deny ip from any to any

man ipfw will point out that the first allow or deny that "hits"
terminates rule processing. Perhaps you're more familiar with other
firewalls, where this sensible design is not the normal case.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
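
Added example, not part of the message above and not FreeBSD code: a small first-match check run over the quoted `ipfw show` output, reporting rules that can never be reached because an earlier allow or deny already covers them. The helper names (`net`, `parse`, `shadowed`) are hypothetical, and the model assumes only what the reply states: allow and deny terminate processing, and a rule with trailing options such as `via` does not cover all traffic.

```python
import ipaddress
import re

# `ipfw show` output copied from the quoted message (rule, packets, bytes, body).
IPFW_SHOW = """\
00050 14819576 8458459132 divert 8668 ip from any to any via dc0
00100 250 32470 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 44478701 31835950367 allow ip from any to any
65100 0 0 pipe 1 ip from 10.0.0.8 to any
65200 0 0 pipe 2 ip from any to 10.0.0.8
65535 0 0 deny ip from any to any
"""

RULE = re.compile(r"(\d+) (\d+) (\d+) (\w+)(?: (\d+))? ip from (\S+) to (\S+)(.*)")
TERMINATING = {"allow", "deny"}  # assumption: only these end rule processing


def net(spec):  # 'any', a host or a CIDR block -> IPv4 network
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec, strict=False)


def parse(text):
    rules = []
    for line in text.splitlines():
        m = RULE.fullmatch(line.strip())
        if m:
            num, pkts, _bytes, action, _arg, src, dst, opts = m.groups()
            rules.append({"num": int(num), "pkts": int(pkts), "action": action,
                          "src": net(src), "dst": net(dst), "opts": opts.strip()})
    return rules


def shadowed(rules):
    """Map each unreachable rule number to the earlier rule that masks it."""
    result = {}
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            # An option-free allow/deny whose src and dst contain the later rule's
            if (earlier["action"] in TERMINATING and not earlier["opts"]
                    and later["src"].subnet_of(earlier["src"])
                    and later["dst"].subnet_of(earlier["dst"])):
                result[later["num"]] = earlier["num"]
                break
    return result


if __name__ == "__main__":
    print(shadowed(parse(IPFW_SHOW)))
```

Every rule it flags (65100, 65200 and 65535, all masked by 65000) also shows zero packet and byte counters in the quoted output, which is the symptom to look for when auditing a ruleset for dead rules.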