Date: Fri, 10 Nov 2000 10:09:32 +0200 (WET)
From: Evren Yurtesen <eyurtese@turkuamk.fi>
To: Troy Settle <troy@psknet.com>
Cc: freebsd-isp@freebsd.org
Subject: RE: Is using dummynet and not loosing the firewall functionality possible?
Message-ID: <Pine.A41.4.10.10011101008190.58564-100000@bessel.tekniikka.turkuamk.fi>
In-Reply-To: <BFEGKDHLHDNOJEIHJDBACEHMCAAA.troy@psknet.com>

But you are not using any firewall functionality. I mean you normally
allow everything to pass. I want just the things I specify to pass and
the rest to be stopped.

On Thu, 9 Nov 2000, Troy Settle wrote:

>
> Here's what I have set up and working perfectly:
>
> 00100 divert 8668 ip from any to any via ed0
> 00100 allow ip from any to any via lo0
> 00100 pipe 1000 ip from any to any via ed1
> 00200 deny ip from any to 127.0.0.0/8
> 65000 allow ip from any to any
>
>
> HTH,
>
> --
> Troy Settle
> Pulaski Networks
> 540.994.4254
>
> It's always a long day, 86400 doesn't fit into a short
>
>
> > -----Original Message-----
> > From: owner-freebsd-isp@FreeBSD.ORG
> > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Evren Yurtesen
> > Sent: Thursday, November 09, 2000 4:32 PM
> > To: freebsd-isp@freebsd.org
> > Subject: Is using dummynet and not loosing the firewall functionality
> > possible?
> >
> >
> > I have a little problem over here.
> > I have searched the mailing list archives but couldn't find anything
> > close... I made ipfw, dummynet etc. work perfectly but need a creative
> > idea of the conf file I should use. I sent this to questions but
> > somehow nobody knows the answer.
> >
> > I want to limit bandwidth over an interface but also I want to use
> > ipfw's firewall capabilities but the search terminates when ipfw
> > comes to a pipe command which has a match and firewall rules are
> > not checked.
> >
> > Ok you might say that I can make ipfw continue search after pipe by
> > setting a variable with sysctl and I did that, then the problem is that
> > I want users behind this firewall box to connect to X machine without
> > the bandwidth limit and I put 2 rules, first to match for the X machine
> > and the second rule is to match anything else but however these users
> > are caught by both of the bandwidth rules if the search doesn't
> > terminate on the first rule. I can handle this if the ipfw terminates
> > the search when it finds a rule though but then I can't use ipfw's
> > firewall capabilities.
> >
> > Is this a kind of paradox? Any creative ideas?
> >
> > Evren
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
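
The two behaviours described in the quoted question, as a small model added here for illustration (not code from the thread and not ipfw itself). The addresses, rule numbers, pipe numbers and the HTTP-only policy are constructed, and `one_pass` stands for the sysctl the question mentions, assumed here to be `net.inet.ip.fw.one_pass`.

```python
"""Model of ipfw first-match evaluation with dummynet pipe rules (constructed)."""
from ipaddress import ip_address, ip_network

# Constructed ruleset: (number, action, pipe number, destination, dest port).
# 192.0.2.10 stands in for the "X machine"; the HTTP-only policy is invented.
RULES = [
    (100, "pipe", 1, "192.0.2.10/32", None),    # pipe for traffic to X
    (200, "pipe", 2, "0.0.0.0/0", None),        # bandwidth-limited pipe, the rest
    (300, "allow", None, "0.0.0.0/0", 80),      # firewall policy: HTTP only
    (65535, "deny", None, "0.0.0.0/0", None),   # everything else is stopped
]


def evaluate(dst, dport, one_pass):
    """Return (verdict, pipes traversed, numbers of the rules that matched)."""
    pipes, matched = [], []
    for number, action, pipe, net, port in RULES:
        if ip_address(dst) not in ip_network(net):
            continue
        if port is not None and port != dport:
            continue
        matched.append(number)
        if action == "pipe":
            pipes.append(pipe)
            if one_pass:
                # Search ends here: the packet leaves the pipe already accepted.
                return "allow", pipes, matched
            continue  # packet re-enters the ruleset at the next rule
        return action, pipes, matched
    return "deny", pipes, matched


if __name__ == "__main__":
    cases = [("198.51.100.7", 23), ("192.0.2.10", 80)]
    for one_pass in (True, False):
        for dst, dport in cases:
            print(one_pass, dst, dport, evaluate(dst, dport, one_pass))
```

With `one_pass` on, the telnet packet is accepted by the pipe rule and never reaches the deny rule; with it off, the filter rules apply but traffic to X passes through both pipes.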