Message-ID: <1429.24.53.170.215.1054032950.squirrel@mail.compunetix.com>
In-Reply-To: <3ED30DEB.3010805@401.cx>
References: <20030524145328.16351.qmail@web13406.mail.yahoo.com> <3ECFA2E5.8020701@potentialtech.com> <3ED30DEB.3010805@401.cx>
Date: Tue, 27 May 2003 06:55:50 -0400 (EDT)
From: wmoran@compunetix.com
To: "Roger 'Rocky' Vetterberg"
cc: Fehmi
cc: Bill Moran
cc: freebsd-questions@freebsd.org
Subject: Re: Running Dummynet

> Bill Moran wrote:
>> Fehmi wrote:
>>
>>> ipfw show:
>>> 100 allow ip from any to any
>>> 200 pipe 1 bw 1kbit/s delay 200ms
>>> 65554 deny ip from any to any
>>
>>
>> This actually works? It looks to me like everything should be
>> blocked by the last rule: thus no networking should work.
>
> I have to disagree. Everything will be *allowed* by the *first* rule,
> none of the other rules will ever happen, including the last one.
> This is pretty much as effective as no firewall at all.

Agreed. I must have been asleep at the wheel when I looked at it.
And you've also described the problem to the original poster.
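
The first-match behaviour discussed in this message, as an added example that is not part of the original thread: a simplified Python model that reports which rules an earlier rule makes unreachable. The rule grammar, the function names, the constructed `ip from any to any` body for rule 200, and the assumption that `pipe` ends the search (as with `net.inet.ip.fw.one_pass=1`) are assumptions of this sketch.

```python
# Added illustration, not code from the thread: a simplified first-match model.
# Assumptions: bodies are "ip from SRC to DST", SRC/DST are "any" or a literal
# address, and allow/deny/pipe all end the search (pipe: as with one_pass=1).
import re

RULE_RE = re.compile(r"^(\d+)\s+(allow|deny|pipe \d+)\s+ip\s+from\s+(\S+)\s+to\s+(\S+)$")

# Rule numbers as posted; rule 200's "ip from any to any" body is constructed.
AS_POSTED = """
100 allow ip from any to any
200 pipe 1 ip from any to any
65554 deny ip from any to any
"""
# Constructed variant with the pipe rule ahead of the catch-all allow.
PIPE_FIRST = """
100 pipe 1 ip from any to any
200 allow ip from any to any
65554 deny ip from any to any
"""

def parse(ruleset):
    """Return (number, action, src, dst) tuples in evaluation order."""
    rules = []
    for line in ruleset.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((int(m[1]), m[2], m[3], m[4]))
    return sorted(rules)

def covers(pattern, value):
    # "any" covers everything; a literal covers only the identical literal.
    return pattern == "any" or pattern == value

def first_match(rules, src, dst):
    """Return (number, action) of the first rule matching the packet."""
    for num, action, rsrc, rdst in rules:
        if covers(rsrc, src) and covers(rdst, dst):
            return num, action
    return None

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where the later rule can never match."""
    pairs = []
    for i, (num, _, src, dst) in enumerate(rules):
        for earlier, _, esrc, edst in rules[:i]:
            if covers(esrc, src) and covers(edst, dst):
                pairs.append((num, earlier))
                break
    return pairs
```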