Date: Fri, 3 Jan 2003 15:38:32 -0800 (PST) From: randall ehren <randall@ucsb.edu> To: Avleen Vig <lists-freebsd@silverwraith.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: incoming bandwidth limiting using ipfilter Message-ID: <Pine.BSF.4.33.0301031533560.78558-100000@isber.ucsb.edu> In-Reply-To: <20030103153026.A17456@guava.silverwraith.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > http://www.google.com/search?q=ipfilter+ipfw+together > > --> http://false.net/ipfilter/2000_02/0407.html > > This is what we settled with eventually, but the processing order for > packets when you're using both IPF and IPFW plus ipnat is seriously > f*rked. not to stray too far, but if IPFW is set to allow all incoming packets and is only used for shaping, and you have ipfilter handling nat, then it seems it would just be: network card --> IPFW (traffic shape) --> IPF (filter+nat) --> userland i guess an internally NAT address would go back out as: IPF --> IPFW --> network card doesn't seem that bad... -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator :// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0301031533560.78558-100000>