From owner-freebsd-ipfw@FreeBSD.ORG  Sat Oct 16 16:34:56 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B400B16A4CE
	for <freebsd-ipfw@freebsd.org>; Sat, 16 Oct 2004 16:34:56 +0000 (GMT)
Received: from merlin.com.ua (Merlin.Com.UA [195.66.196.180])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2839E43D58
	for <freebsd-ipfw@freebsd.org>; Sat, 16 Oct 2004 16:34:56 +0000 (GMT)
	(envelope-from sid@merlin.com.ua)
Received: from mistery (localhost [127.0.0.1])
	by merlin.com.ua (Postmaster) with ESMTP id 97EA633C009
	for <freebsd-ipfw@freebsd.org>; Sat, 16 Oct 2004 18:46:30 +0300 (EEST)
Date: Sat, 16 Oct 2004 19:31:48 +0300
From: sid@merlin.com.ua
X-Mailer: The Bat! (v2.10.03) Personal
X-Priority: 3 (Normal)
Message-ID: <153900873.20041016193148@merlin.com.ua>
To: freebsd-ipfw@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Subject: ipfw dynamic bidirect
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: sid@merlin.com.ua
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 16 Oct 2004 16:34:56 -0000

Hi all.

we have
ipfw add 10 pipe 10 ip from 10.0.0.1 to any in
ipfw add 10 pipe 10 ip from any to 10.0.0.1 out
pipe 10 config bw 56kbit

pipe 10 use single pipe for in & out (modeling async 56k modem) for single ip.

and what we can do in case we have 10.0.0.0/24 ip's ?

ipfw add 10  pipe 10 ip from 10.0.0.0/24 to any in
ipfw         pipe 10 config bw 56k mask src-ip 0xffffffff buckets 1024
ipfw add 20 pipe 20 ip from any to 10.0.0.0/24 out
ipfw        pipe 20 config bw 56k mask dst-ip 0xffffffff buckets 1024

so, there we have synchronous flow, 56k in + 56k out, but we want
have speed = in+out < 56k for each ip. how realise that?
is there possible make firewall for /24 (/23 /23 etc) net of IP
without creating one_pipe_for_each_ip ?

ipfw add 10 pipe 10 ip from 10.0.0.1 to any in
ipfw add 10 pipe 10 ip from any to 10.0.0.1 out
pipe 10 config bw 56kbit
.......
ipfw add N pipe N ip from 10.0.0.N to any in
ipfw add N pipe N ip from any to 10.0.0.N out
pipe N config bw 56kbit



sid@merlin