From: NetAdmin
To: Bikrant Neupane
cc: freebsd-isp@freebsd.org
cc: freebsd-questions@freebsd.org
Subject: Re: Ipfw accept rule
Date: Thu, 23 Sep 2004 15:15:36 -0400
Message-Id: <1095966936.877.38.camel@foxdaemon.com>
In-Reply-To: <200409231233.00370.bikrant_ml@wlink.com.np>

Here are my dummynet rules. Not sure if they exactly work or not, but
they keep my kids from using all the upstream bandwidth. If anyone has a
better way, please by all means let me know. The only thing I'm not sure
of is where it goes in the rule set. Here is where I have mine and how
it is set up. Hope this helps.

case ${natd_enable} in
[Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
                ${fwcmd} add divert natd all from any to any via ${natd_interface}
        fi
        ;;
esac

${fwcmd} add skipto 20000 ip from any to any bridged

#---------------------- DUMMYNET Config --------------------------
#
${fwcmd} add pipe 1 { tcp or udp } from ${iip1} to any 80-65000
${fwcmd} pipe 1 config mask src-ip 0xffffff00 bw 384Kbit/s queue 20Kbytes
#
${fwcmd} add pipe 2 ip from ${iip1} to any out
${fwcmd} pipe 2 config mask src-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes
#
${fwcmd} add pipe 3 ip from any to ${iip1} in
${fwcmd} pipe 3 config mask dst-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes

${iip1} = 192.168.1.0/24

I used "whatmask" in /usr/ports/net-mgmt/whatmask to help figure out
what the netmask was for my subnet, in case you use a different subnet
than I do.

On Thu, 2004-09-23 at 02:48, Bikrant Neupane wrote:
> Hi,
> When a packet hits "allow | accept | pass | permit" rule the packet is
> accepted and the search is terminated at that point.
>
> I need to accept the packet but still want the packet to continue to traverse
> rules further below. However, once it hits "deny | drop" rule it should be
> dropped and the search should terminate at that point. Is that possible with
> IPFW?
>
> regards,
> Bikrant

-- 
NetAdmin for the FoxChat.Net IRC Network.
The FoxSurfer Group
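
The pipes in the message above are configured with "mask src-ip 0xffffff00" (or dst-ip). dummynet builds a flow identifier by masking the address and creates one dynamic pipe per distinct identifier, so the mask decides whether hosts share a bandwidth limit or each get their own. The following shell sketch is an added example, not part of the original message; the host addresses are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: models how a dummynet "mask src-ip" value groups
# source addresses into dynamic pipes. It does not call ipfw.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# Assumes plain decimal octets without leading zeros.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1          # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# flow_id MASK ADDR -> prints the masked address, i.e. the flow
# identifier that selects the dynamic pipe for this source.
flow_id() {
    echo $(( $(ip_to_int "$2") & $1 ))
}

# count_flows MASK ADDR... -> prints how many distinct flow ids
# (dynamic pipes) the listed source addresses produce under MASK.
count_flows() {
    mask=$1
    shift
    for addr in "$@"; do
        flow_id "$mask" "$addr"
    done | sort -u | wc -l | tr -d ' '
}

# Constructed sample: three hosts inside 192.168.1.0/24.
hosts="192.168.1.10 192.168.1.20 192.168.1.30"

# 0xffffff00 keeps only the network part: every host in the /24
# maps to the same flow id and shares a single pipe's bandwidth.
echo "mask 0xffffff00: $(count_flows 0xffffff00 $hosts) dynamic pipe(s)"

# 0xffffffff keeps the full address: each host gets its own pipe,
# each with the configured bandwidth.
echo "mask 0xffffffff: $(count_flows 0xffffffff $hosts) dynamic pipe(s)"
```

With the /24 mask the three sample hosts collapse into one dynamic pipe; with the full-address mask each host is limited separately.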