From: "Vadim Goncharov"
Organization: AVTF TPU Hostel
To: "Russell Fulton", freebsd-ipfw@freebsd.org
Date: Tue, 04 Sep 2007 01:11:06 +0700
Subject: Re: beginners questions

31.08.07 @ 07:43 Russell Fulton wrote:

> Before you ask, yes I've RTFM ;) which was very informative and there
> are still some things that I have missed.
>
> 1/ Is there a way of reloading rules while maintaining the state table
> or is this the default? (put another way does flush affect dynamic
> rules).

Yes, it flushes dynamic rules because they depend on their parents, which are flushed too.

> 2/ we are using state and also shaping traffic via pipes. What
> interaction, if any is there between pipes and state? i.e. if a packet
> gets sent to a pipe will other traffic that is matched by the dynamic
> rule also get sent to the pipe?

Yes, it should.

> 3/ are pipes bidirectional? I.e. do I need to say
>
> add 02421 pipe 6 all from 130.216.95.0/24 to any
> add 02422 pipe 7 all from any to 130.216.95.0/24

Umm... that depends on what you really want. A pipe is unidirectional in the sense that you always send packets into one end, and they'll get out from the other end. So the speed depends on where those ends are connected. So if you are configuring a pipe to, e.g., 1 Mbit, and say "pipe 1 all from A to B" and "pipe 1 all from B to A", then both upload+download between A and B will be 1 Mbit in total. And if you send "A to B" traffic into a 512 Kbit pipe and "B to A" traffic into a 128 Kbit pipe, then you'll get exactly this speed, in the specified directions, respectively.

--
WBR, Vadim Goncharov
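
The two configurations described in the reply above, as an added example that is not part of the original message and is not dummynet code: a Python model that treats each pipe as a fixed-rate FIFO queue with tail drop and measures what each direction gets. The packet size, the 2 Mbit/s offered load, the 50-slot queue and the pipe numbers in the second case are assumptions.

```python
import random
from collections import deque

PKT_BITS = 1500 * 8      # constructed packet size
TICKS_PER_SEC = 1000     # 1 ms simulation step

def simulate(pipes, rules, offered_bps, seconds=10, queue_slots=50, seed=0):
    """Simplified pipe model (assumption: fixed-rate FIFO queue, tail drop).

    pipes:       {pipe_no: bandwidth in bit/s}   ~ the pipe's configured rate
    rules:       {direction: pipe_no}            ~ "pipe N all from X to Y"
    offered_bps: {direction: offered load in bit/s}
    Returns delivered throughput in bit/s per direction.
    """
    rng = random.Random(seed)
    queue = {p: deque() for p in pipes}
    credit = {p: 0.0 for p in pipes}      # bits each pipe may send right now
    pending = {d: 0.0 for d in rules}     # fractional packets not yet emitted
    delivered = {d: 0 for d in rules}
    directions = list(rules)
    for _ in range(seconds * TICKS_PER_SEC):
        rng.shuffle(directions)           # no direction always arrives first
        for d in directions:
            pending[d] += offered_bps[d] / TICKS_PER_SEC / PKT_BITS
            while pending[d] >= 1:
                pending[d] -= 1
                if len(queue[rules[d]]) < queue_slots:   # full queue: drop
                    queue[rules[d]].append(d)
        for p, bw in pipes.items():
            credit[p] += bw / TICKS_PER_SEC
            while queue[p] and credit[p] >= PKT_BITS:
                credit[p] -= PKT_BITS
                delivered[queue[p].popleft()] += PKT_BITS
            if not queue[p]:
                credit[p] = 0.0           # an idle pipe does not bank bandwidth
    return {d: delivered[d] / seconds for d in rules}

LOAD = {"A->B": 2_000_000, "B->A": 2_000_000}   # constructed: both oversubscribe

def shared_pipe():
    # pipe 1 at 1 Mbit/s, fed by "pipe 1 all from A to B" and "pipe 1 all from B to A"
    return simulate({1: 1_000_000}, {"A->B": 1, "B->A": 1}, LOAD)

def separate_pipes():
    # "A to B" into a 512 Kbit/s pipe, "B to A" into a 128 Kbit/s pipe
    return simulate({1: 512_000, 2: 128_000}, {"A->B": 1, "B->A": 2}, LOAD)

if __name__ == "__main__":
    for name, res in (("shared", shared_pipe()), ("separate", separate_pipes())):
        print(name, {d: round(v) for d, v in res.items()}, "total", round(sum(res.values())))
```

In the shared case the two directions compete for the same queue, so the per-direction split depends on arrival order while the sum stays at the pipe's rate.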