From owner-freebsd-questions@FreeBSD.ORG  Mon May  4 16:02:57 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1112F106564A
	for <freebsd-questions@freebsd.org>;
	Mon,  4 May 2009 16:02:57 +0000 (UTC)
	(envelope-from tamarlea@gmail.com)
Received: from mail-ew0-f171.google.com (mail-ew0-f171.google.com
	[209.85.219.171])
	by mx1.freebsd.org (Postfix) with ESMTP id 7536A8FC19
	for <freebsd-questions@freebsd.org>;
	Mon,  4 May 2009 16:02:56 +0000 (UTC)
	(envelope-from tamarlea@gmail.com)
Received: by ewy19 with SMTP id 19so3862448ewy.43
	for <freebsd-questions@freebsd.org>;
	Mon, 04 May 2009 09:02:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:date:message-id:subject
	:from:to:content-type;
	bh=TWBx9pUzEQt/riiqlxdZlrboPeq1WUHO6ZeV+TlFw7w=;
	b=PX7f/NIayQzxRyblUaHd9y7pWezs8NBDde8BmKaMg15KLJJCb2cMaWMgB9k7GxwtBY
	ZM94NLPEUP+1lkjz0WKqkEZCRaYoL2X6mxpKaqmFke6DqHabnkqV/HXbk9BtQAQhAIE4
	oNJJ8gcNzhMOM2R63ixo3Xl3r/VDzkyqJpHt0=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type;
	b=NVte1grOs1UhwIB/azULrwBGLWy9VeKwJmXwoJqp4nLg3tVeDBy1VVZq2oKuNAOErx
	9F52/zbqkmyn/ZRERYtdh740XPuOhL/l+DqXQ9KFF5LzNDkq2fUvM9i9hzWSaUCCTjjB
	tCHLBRTKWJm5C5lKHdH3fJWiEQDdpi+ztMzXQ=
MIME-Version: 1.0
Received: by 10.143.18.16 with SMTP id v16mr2730080wfi.142.1241451223708; Mon, 
	04 May 2009 08:33:43 -0700 (PDT)
Date: Mon, 4 May 2009 16:33:43 +0100
Message-ID: <1ab57dc80905040833q1573f264oe6bd77420df31c6d@mail.gmail.com>
From: Tamar Lea <tamarlea@gmail.com>
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: per protocol bandwidth filters for firewall
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 04 May 2009 16:02:57 -0000

Hello all,
I have inherited the job of maintaining a FreeBSD firewall that sits behind
an ADSL line that connects 128 clients to the internet. I have not used
FreeBSD before but have some linux experience. The connections must be
always on though I am allowed to reboot if absolutely necessary. It is using
ipfilter and ipnat. There have been issues with clients taking up too much
bandwidth, so after several hours of careful testing I managed to redirect
all traffic on port 80 to a squid service using ipnat. This uses delay pools
to limit the max speed per user. However I would also like to limit the max
speed per user for streaming traffic on port 1935. Would this be possible
with the current setup and what programs or config would be able to do the
job?
Thanks,
Tamar