From owner-freebsd-net  Mon Dec 11 23:10:26 2000
From owner-freebsd-net@FreeBSD.ORG  Mon Dec 11 23:10:23 2000
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from unity.copyleft.no (unity.copyleft.no [212.71.72.23])
	by hub.freebsd.org (Postfix) with ESMTP id 9254337B404
	for <freebsd-net@freebsd.org>; Mon, 11 Dec 2000 23:10:22 -0800 (PST)
Received: from martin by unity.copyleft.no with local (Exim 3.03 #1)
	id 145jZo-0005u2-00
	for freebsd-net@freebsd.org; Tue, 12 Dec 2000 08:10:16 +0100
Date: Tue, 12 Dec 2000 08:10:16 +0100
From: Martin Eggen <martin@copyleft.no>
To: freebsd-net@freebsd.org
Subject: ipfilter _and_ ipfirewall?
Message-ID: <20001212081016.A22602@unity.copyleft.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: "Martin Eggen,Copyleft Software,901 17 341" <martin@unity.copyleft.no>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Would having the following in a kernel config work?

options     IPFIREWALL
options     IPFIREWALL_DEFAULT_TO_ACCEPT
options     DUMMYNET
options     IPFILTER

That is, to use ipfw exclusively for bandwidth limiting with dummynet, and
ipfilter for packet filtering?
I seem to recall that I've read a description of this, but came out empty
when searching for anything regarding the topic.

What path would packets go through the system with such a setup?

Will this work, or should I use ALTQ for traffic shaping instead when
filtering with IPFILTER?

-- 
Martin Eggen <martin@copyleft.no>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message