Date: Tue, 12 Sep 2006 22:49:07 +0300
From: Odhiambo Washington
To: freebsd-questions@freebsd.org
Subject: ipfw - bandwidth throttling (sanity check!)
Message-ID: <20060912194907.GA44560@ns2.wananchi.com>

Hello Security guy ;)

I have tried very hard to understand ipfw just for the purpose of bandwidth throttling for smtp service. Basically, I want to throttle the bandwidth used by my SMTP server outbound to _anyone_ else except my ip blocks.

My Server is 1.2.3.4 and my ip blocks are a.b.c.d/19 and e.f.g.h/20

Are the following rules sane enough?

    ipfw pipe 1 config bw 256Kbit/s
    ipfw add pipe 1 tcp from 1.2.3.4 to not a.b.c.d/19 25
    ipfw add pipe 1 tcp from 1.2.3.4 to not e.f.g.h/20 25

Any smtp traffic not to these netblocks should be throttled. By that, I am thinking it will match everything smtp outbound only, not inbound.

Thank you for your time.

-Wash

-- 
Odhiambo Washington
Wananchi Online Ltd. www.wananchi.com
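
Added example (not part of the original message and not the poster's code): a small Python model of which packets the two posted pipe rules match, next to a hypothetical single rule whose destination excludes both blocks. The netblocks 10.10.0.0/19 and 10.20.0.0/20 are constructed stand-ins for a.b.c.d/19 and e.f.g.h/20, and the model looks only at source address, destination address and destination port.

```python
import ipaddress

SERVER = ipaddress.ip_address("1.2.3.4")        # server address as given in the message
BLOCK_A = ipaddress.ip_network("10.10.0.0/19")  # constructed stand-in for a.b.c.d/19
BLOCK_B = ipaddress.ip_network("10.20.0.0/20")  # constructed stand-in for e.f.g.h/20


def pipe_rule(*excluded):
    """Model of 'pipe 1 tcp from SERVER to not <excluded> 25' as a predicate."""
    def matches(src, dst, dport):
        return (src == SERVER and dport == 25
                and not any(dst in net for net in excluded))
    return matches


# The two rules as posted: each one excludes a single block.
POSTED = [pipe_rule(BLOCK_A), pipe_rule(BLOCK_B)]
# Hypothetical alternative: one rule whose destination excludes both blocks.
COMBINED = [pipe_rule(BLOCK_A, BLOCK_B)]


def matched_rules(ruleset, dst, dport=25, src="1.2.3.4"):
    """Indexes of the pipe rules in `ruleset` that this packet matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [i for i, rule in enumerate(ruleset) if rule(s, d, dport)]


def throttled(ruleset, dst, dport=25, src="1.2.3.4"):
    """True if at least one pipe rule matches, i.e. the packet enters pipe 1."""
    return bool(matched_rules(ruleset, dst, dport, src))


if __name__ == "__main__":
    samples = {"own block A": "10.10.5.5", "own block B": "10.20.1.1",
               "outside": "203.0.113.9"}  # constructed destinations
    for label, dst in samples.items():
        print(f"{label:12} posted={matched_rules(POSTED, dst)} "
              f"combined={matched_rules(COMBINED, dst)}")
```

In this model a destination inside one block still matches the posted rule written for the other block, and an outside destination matches both rules; only the combined form leaves both blocks out of the pipe. Packets with source port 25 (replies on inbound SMTP sessions) match neither form, since the rules test the destination port.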