Date: Fri, 27 Jun 2008 13:01:28 -0700 From: "Freddie Cash" <fjwcash@gmail.com> To: freebsd-net@freebsd.org Subject: Understanding where dummynet fits into an ipfw ruleset Message-ID: <b269bc570806271301x3ed43e54k5de0a1d71a9eb676@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I'm trying to figure out how traffic shaping using dummynet fits into an ipfw ruleset. Mainly, I'm wondering where to put the "ipfw queue" rules (the ones that send the packets to dummynet), in relation to the packet filtering rules, or if it even matters. For instance, do the queue rules apply to all the rules in the set, or only to rules that follow after the queue rules (numerically)? Say I've got a firewall setup that does 1:1 NAT for a bunch of servers (allow incoming/outgoing traffic), as well as 1:many NAT for the workstations (allow outgoing) on the LAN. I want to add traffic shaping rules that give traffic from the workstations to specific IPs greater weight than general traffic from the workstations to the Internet (ie reserve 25% of the bandwidth for important services). Would I put the queue rules at the start of the ruleset or the end? Or in the middle, just above the rules for the workstations? Do I add them after all the bad packet checks and general deny rules that are at the top of the ruleset? Just wondering how the queue rules interact with the general packet filter rules, since they can have the same parameters. Thanks. -- Freddie Cash fjwcash@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b269bc570806271301x3ed43e54k5de0a1d71a9eb676>