From owner-freebsd-stable  Fri Feb 16  7: 6: 6 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from illustrious.cnchost.com (illustrious.concentric.net [207.155.252.7])
	by hub.freebsd.org (Postfix) with ESMTP id 3502637B401
	for <stable@FreeBSD.ORG>; Fri, 16 Feb 2001 07:06:04 -0800 (PST)
Received: from auvo.com (4032268D.ptr.dia.nextlink.net [64.50.38.141])
	by illustrious.cnchost.com
	id KAA20700; Fri, 16 Feb 2001 10:06:00 -0500 (EST)
	[ConcentricHost SMTP Relay 1.10]
Message-ID: <3A8D41B9.F79358D3@auvo.com>
Date: Fri, 16 Feb 2001 09:05:29 -0600
From: Mike Bytnar <mbytnar@auvo.com>
Reply-To: mbytnar@auvo.com
Organization: Auvo
X-Mailer: Mozilla 4.74 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Chris Elsworth <chrise@demon.net>
Cc: stable@FreeBSD.ORG, Bradley Kite <bradley@rug-rats.org>
Subject: Re: ipfw query..
References: <20010215130342.A95395@demon.net> <20010215135309.A23654@rug-rats.org> <3A8BE217.7AF6BFBD@herculeez.com> <20010215140949.A96244@demon.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

sysctl -w net.inet.ip.fw.one_pass=0

This flag allows packets to pass through the pipes, until they are accepted by a
pass or fail rule. But the configuration can be tricky.
Another way is to place your packet processing (such as natd) first, then pass
through the pipes.

--Mike

Chris Elsworth wrote:

> On Thu, Feb 15, 2001 at 02:05:11pm +0000, Simon Loader wrote:
> > Bradley Kite wrote:
> > >
> > > I'm sure there is a flag you can append to the end of
> > > the pipe rules, that tell ipfw to continue going through the rules
> > > instead of stopping when they match.
> > >
> > > I cant remember what the flag is tho, sorry :-(
> >

[...]

> If I don't put the pipes first then I can't bandwidth limit, because when
> the packets go through one of the allow rules, to, say, sshd - then
> they'll never see the pipe and won't get limited or counted. So the pipes
> have to come first..
>
> --
> Chris Elsworth               tel: 020 8371 1041        _            .
> Systems Administrator        mob: 07968 324 693       demon @ thus . .
> Web & Hosting Team             chrise@demon.net   http://www.demon.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message