Date: Sat, 16 Oct 2004 19:31:48 +0300 From: sid@merlin.com.ua To: freebsd-ipfw@freebsd.org Subject: ipfw dynamic bidirect Message-ID: <153900873.20041016193148@merlin.com.ua>
next in thread | raw e-mail | index | archive | help
Hi all. we have ipfw add 10 pipe 10 ip from 10.0.0.1 to any in ipfw add 10 pipe 10 ip from any to 10.0.0.1 out pipe 10 config bw 56kbit pipe 10 use single pipe for in & out (modeling async 56k modem) for single ip. and what we can do in case we have 10.0.0.0/24 ip's ? ipfw add 10 pipe 10 ip from 10.0.0.0/24 to any in ipfw pipe 10 config bw 56k mask src-ip 0xffffffff buckets 1024 ipfw add 20 pipe 20 ip from any to 10.0.0.0/24 out ipfw pipe 20 config bw 56k mask dst-ip 0xffffffff buckets 1024 so, there we have synchronous flow, 56k in + 56k out, but we want have speed = in+out < 56k for each ip. how realise that? is there possible make firewall for /24 (/23 /23 etc) net of IP without creating one_pipe_for_each_ip ? ipfw add 10 pipe 10 ip from 10.0.0.1 to any in ipfw add 10 pipe 10 ip from any to 10.0.0.1 out pipe 10 config bw 56kbit ....... ipfw add N pipe N ip from 10.0.0.N to any in ipfw add N pipe N ip from any to 10.0.0.N out pipe N config bw 56kbit sid@merlin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?153900873.20041016193148>