From owner-freebsd-questions Thu Jul 10 09:24:15 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id JAA09939 for questions-outgoing; Thu, 10 Jul 1997 09:24:15 -0700 (PDT)
Received: from federation.addy.com (federation.addy.com [207.239.68.2]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA09930 for ; Thu, 10 Jul 1997 09:24:05 -0700 (PDT)
Received: from localhost (fbsdlist@localhost) by federation.addy.com (8.8.5/8.6.12) with SMTP id MAA06080 for ; Thu, 10 Jul 1997 12:24:01 -0400 (EDT)
Date: Thu, 10 Jul 1997 12:24:00 -0400 (EDT)
From: Cliff Addy
Reply-To: Cliff Addy
To: questions@freebsd.org
Subject: ipfw
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I've successfully compiled firewall support into the kernel and used ipfw
to set up some rules. I have two questions:

1) What is the best way to invoke ipfw rules at boot time? Since the
default condition is allow nothing, it breaks nfs, web servers, etc. I
presume it has something to do with rc.conf's "firewall" setting, but I've
not been able to find any documentation on the appropriate values (other
than "NO"). I'd like to have ipfw load up the rules from a file as early
in the boot process as possible.

2) We have several aliased ip addresses on the network card. The whole
point of this is to measure the traffic on each ip address separately.
I've tried adding rules like

    allow all from any to 207.239.68.3
    allow all from 207.239.68.3 to any

and can get stats from ipfw on byte/packet counts for each of these rules.
My question is: Does adding the byte counts accurately tell me all the
bandwidth being used by that ip address, including packet headers, etc?
Or am I doing this all wrong?
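
Added example, not part of the original message: a shell helper that adds up the byte counters of the two per-address rules described in question 2, one inbound and one outbound, for a single aliased address. The counter layout (rule number, packets, bytes, rule text, as assumed for `ipfw -a list`), the sample numbers and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the assumed counter-listing layout:
#   rule-number  packets  bytes  rule-text
# The rule numbers and counter values are made up for this example.
sample_counters() {
cat <<'EOF'
00100    120    96000 allow ip from any to 207.239.68.3
00200     95    14250 allow ip from 207.239.68.3 to any
00300     40    52000 allow ip from any to 207.239.68.4
00400     38     4100 allow ip from 207.239.68.4 to any
65535      7      420 deny ip from any to any
EOF
}

# per_addr_totals ADDR
# Reads counter lines on stdin and prints one line:
#   ADDR inbound_bytes outbound_bytes total_bytes
# Only rules of the form "from any to ADDR" (inbound) and
# "from ADDR to any" (outbound) are counted, so unrelated rules
# such as the final deny are ignored.
per_addr_totals() {
    awk -v addr="$1" '
        {
            src = ""; dst = ""
            # Find the source and destination in the rule text,
            # which starts at field 4 after the three numeric columns.
            for (i = 4; i < NF; i++) {
                if ($i == "from") src = $(i + 1)
                if ($i == "to")   dst = $(i + 1)
            }
            if (src == "any" && dst == addr) in_b  += $3
            if (src == addr && dst == "any") out_b += $3
        }
        END { printf "%s %d %d %d\n", addr, in_b, out_b, in_b + out_b }
    '
}

# Stand-alone run against the constructed sample. On a live host the
# input would come from the counter listing instead (assumed to be
# `ipfw -a list`).
for a in 207.239.68.3 207.239.68.4; do
    sample_counters | per_addr_totals "$a"
done
```

Because an `allow` rule ends rule processing for a packet, a packet sent from one aliased address to another on the same host is counted only under whichever of these rules it matches first.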