Date: Tue, 12 Sep 2006 22:13:41 +0100
From: RW <list-freebsd-2004@morbius.sent.com>
To: Odhiambo Washington <wash@wananchi.com>, freebsd-questions@freebsd.org
Subject: Re: ipfw - bandwidth throttling (sanity check!)
Message-ID: <200609122213.43164.list-freebsd-2004@morbius.sent.com>
In-Reply-To: <20060912194907.GA44560@ns2.wananchi.com>
References: <20060912194907.GA44560@ns2.wananchi.com>

On Tuesday 12 September 2006 20:49, Odhiambo Washington wrote:
> Hello Security guy ;)
>
> I have tried very hard to understand ipfw just for the purpose of
> bandwidth throttling for smtp service.
>
> Basically, I want to throttle the bandwidth used by my SMTP
> server outbound to _anyone_ else except my ip blocks.
>
> My Server is 1.2.3.4 and my ip blocks are a.b.c.d/19 and
> e.f.g.h/20
>
>
> Are the following rules sane enough?
>
> ipfw pipe 1 config bw 256Kbit/s
> ipfw add pipe 1 tcp from 1.2.3.4 to not a.b.c.d/19 25
> ipfw add pipe 1 tcp from 1.2.3.4 to not e.f.g.h/20 25

This queues all outgoing smtp to the pipe. You also need to set
net.inet.ip.fw.one_pass=1 to avoid the packets re-entering the rules
on the next line.

Setting that means that the packets cannot pass through dynamic rules.
It is possible to use dynamic rules with dummynet, but it's a pain.
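
An added example, not part of the original message: a small Python model of first-match rule evaluation for the two quoted `pipe 1` rules, counting how many times a packet from the server enters the pipe with `net.inet.ip.fw.one_pass` set to 1 and to 0. The address blocks and sample destinations are constructed stand-ins for the placeholders a.b.c.d/19 and e.f.g.h/20, and the model only looks at destination address and port.

```python
import ipaddress

# Constructed stand-ins for the placeholders a.b.c.d/19 and e.f.g.h/20.
BLOCK_A = ipaddress.ip_network("10.0.0.0/19")
BLOCK_B = ipaddress.ip_network("10.1.0.0/20")

# The two quoted rules, reduced to the part that matters here:
#   pipe 1 tcp from 1.2.3.4 to not <block> 25
RULES = [("pipe 1", BLOCK_A), ("pipe 1", BLOCK_B)]


def pipe_passes(dst, dport=25, one_pass=True):
    """Count how often a packet from the server to dst:dport enters pipe 1."""
    addr = ipaddress.ip_address(dst)
    hits = 0
    for _action, excluded in RULES:
        if dport == 25 and addr not in excluded:  # "to not <block> 25"
            hits += 1
            if one_pass:
                break  # one_pass=1: the packet leaves the ruleset after the pipe
            # one_pass=0: the packet re-enters the ruleset at the next rule
    return hits


# Constructed sample destinations.
SAMPLES = {
    "inside block A": "10.0.5.9",
    "inside block B": "10.1.3.7",
    "external": "198.51.100.20",
}


def report():
    """Map each sample to (passes with one_pass=1, passes with one_pass=0)."""
    return {
        label: (pipe_passes(dst, one_pass=True), pipe_passes(dst, one_pass=False))
        for label, dst in SAMPLES.items()
    }


if __name__ == "__main__":
    for label, (op1, op0) in report().items():
        print(f"{label:15} one_pass=1: {op1}   one_pass=0: {op0}")
```

A destination inside one block is still outside the other, so one of the two `not` rules always matches it; only the external destination is shaped twice when one_pass is 0.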