Date:      Thu, 23 Sep 2004 15:15:36 -0400
From:      NetAdmin <daemon@foxchat.net>
To:        Bikrant Neupane <bikrant_ml@wlink.com.np>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Ipfw accept rule
Message-ID:  <1095966936.877.38.camel@foxdaemon.com>
In-Reply-To: <200409231233.00370.bikrant_ml@wlink.com.np>
References:  <200409231233.00370.bikrant_ml@wlink.com.np>


Here are my dummynet rules.  Not sure if they exactly work or not,
but they keep my kids from using all the upstream bandwidth.
If anyone has a better way, please by all means let me know.  The only
thing I'm not sure of is where it goes in the rule set.  Here is where
I have mine and how it is set up.  Hope this helps.

	case ${natd_enable} in
	[Yy][Ee][Ss])
		if [ -n "${natd_interface}" ]; then
			${fwcmd} add divert natd all from any to any via ${natd_interface}
		fi
		;;
	esac

	${fwcmd} add skipto 20000 ip from any to any bridged

#---------------------- DUMMYNET Config --------------------------
#
	${fwcmd} add pipe 1 { tcp or udp } from ${iip1} to any 80-65000
	${fwcmd} pipe 1 config mask src-ip 0xffffff00 bw 384Kbit/s queue 20Kbytes
#
	${fwcmd} add pipe 2 ip from ${iip1} to any out
	${fwcmd} pipe 2 config mask src-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes
#
	${fwcmd} add pipe 3 ip from any to ${iip1} in
	${fwcmd} pipe 3 config mask dst-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes

${iip1} = 192.168.1.0/24

I used "whatmask" in /usr/ports/net-mgmt/whatmask to help figure out
what the netmask was for my subnet in case you use a different subnet
than I.


On Thu, 2004-09-23 at 02:48, Bikrant Neupane wrote:

> Hi,
>  When a packet hits an "allow | accept | pass | permit" rule the packet is
> accepted and the search is terminated at that point.
>
> I need to accept the packet but still want the packet to continue to traverse
> rules further below. However, once it hits a "deny | drop" rule it should be
> dropped and the search should terminate at that point. Is that possible with
> IPFW?
>
> regards,
> Bikrant

-- 
NetAdmin for the FoxChat.Net IRC Network.
The FoxSurfer Group
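
Added example, not part of the original message: a small sh model of how dummynet's "mask src-ip" value selects a dynamic pipe, using the two masks worth comparing against the 192.168.1.0/24 subnet from the rules above. The helper names and the three host addresses are constructed for illustration, and the script does not invoke ipfw.

```sh
#!/bin/sh
# Model of dummynet dynamic-pipe selection (illustrative; does not call ipfw).
# Per ipfw(8), one dynamic pipe is created for each distinct value of the
# masked fields, so the mask decides which hosts share one bandwidth limit.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
	old_ifs=$IFS; IFS=.
	set -- $1
	IFS=$old_ifs
	echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to dotted-quad form.
int_to_ip() {
	echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# pipe_key MASK ADDR: the masked source address that identifies the pipe.
pipe_key() {
	int_to_ip $(( $(ip_to_int "$2") & $1 ))
}

# count_pipes MASK ADDR...: how many distinct dynamic pipes these hosts create.
count_pipes() {
	mask=$1; shift
	for addr in "$@"; do
		pipe_key "$mask" "$addr"
	done | sort -u | wc -l | tr -d ' '
}

# Constructed sample hosts inside the subnet used in the message.
hosts="192.168.1.10 192.168.1.11 192.168.1.200"

echo "mask 0xffffff00: $(count_pipes 0xffffff00 $hosts) pipe(s), shared by the whole /24"
echo "mask 0xffffffff: $(count_pipes 0xffffffff $hosts) pipe(s), one per host"
```

With 0xffffff00 every host in 192.168.1.0/24 maps to the same key and shares one pipe's bandwidth; a mask of 0xffffffff would give each host its own pipe at the configured rate.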
