Date:      Thu, 20 Oct 2005 21:51:53 -0400
From:      Daemon <daemon@foxchat.net>
To:        freebsd-ipfw@freebsd.org
Subject:   ipfw firewall help
Message-ID:  <435849B9.8040509@foxchat.net>

I'm trying to build a firewall from scratch using man ipfw and what I
can find on the net.  I'm doing bandwidth shaping and I'm not quite sure
where it goes as far as rule numbers.  From what I can see, it matters
and I'd like to do it right.  I'm using an OPEN firewall with NATD
because I'm on cable broadband with a static IP.  Here is what I have.

00010   52   2446 pipe 1 ip from 172.16.140.0/24 to any xmit re0
00020    0      0 pipe 2 ip from any to 172.16.140.0/24 recv re0
00050  274  24955 divert 8668 ip from any to any via re0
00100   50   5642 allow ip from any to any via lo0
00200    0      0 deny ip from any to 127.0.0.0/8
00300    0      0 deny ip from 127.0.0.0/8 to any
65535 4658 547779 allow ip from any to any

The actual rule set for the bandwidth shaping is:

# Traffic Shaping.
# oif="re0"			# ${oif} Public Interface.
# iif="re1"			# ${iif} Internal nic.
# iip="172.16.140.0/24"		# ${iip}

${fwcmd} add 10 pipe 1 all from ${iip} to any xmit ${oif}
${fwcmd} pipe 1 config mask src-ip 0xffffff00 bw 35Kbits/s queue 40Kbytes

${fwcmd} add 20 pipe 2 all from any to ${iip} recv ${oif}
${fwcmd} pipe 2 config mask dst-ip 0xffffff00 bw 4000Kbits/s queue 40Kbytes

I've found lots of stuff on "how" to set it up but I can't seem to find
anything on where the rules go.  Any help would be greatly appreciated.

Regards,

Mark



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?435849B9.8040509>
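The question above is about where pipe rules sit relative to the natd divert rule. As an added example (not code from the original post, nor from FreeBSD), the following small Python model walks a packet through a rule list the way ipfw does, just far enough to make the interaction visible. It assumes the documented ipfw behaviour: rules are evaluated in ascending number order; a pipe rule ends the walk when net.inet.ip.fw.one_pass=1 (the FreeBSD default) and otherwise lets the packet continue; a divert to natd rewrites the source of outbound packets and the destination of inbound ones and then resumes at the next rule; and a forwarded packet is checked twice, once in on the interface it arrived on and once out on the interface it leaves by (recv can match on either pass, xmit only on the output pass, via the interface of the current pass). PUBLIC_IP, INSIDE_HOST and REMOTE are constructed placeholder addresses; the rule lists POSTED and INSIDE are the poster's two pipe rules as numbered in the message and an alternative that attaches the same pipes to the inside interface.

```python
"""Toy model of ipfw rule evaluation around a natd divert and dummynet pipes.

Added example, not code from the original post. Models only:
- ascending rule walk; allow/deny terminate, as does a pipe when
  net.inet.ip.fw.one_pass=1 (FreeBSD default);
- 'divert 8668' -> natd rewrites src (outbound) or dst (inbound), walk resumes;
- two passes per forwarded packet: 'in' on the receive interface, then
  'out' on the transmit interface.
PUBLIC_IP, INSIDE_HOST and REMOTE are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass, field

LAN = "172.16.140.0/24"          # ${iip} from the post
OIF, IIF = "re0", "re1"          # ${oif}, ${iif} from the post
PUBLIC_IP = "198.51.100.10"      # placeholder for the static cable-side IP
INSIDE_HOST = "172.16.140.20"    # placeholder host natd has a session for
REMOTE = "203.0.113.5"           # placeholder Internet host


@dataclass
class Rule:
    num: int
    action: str            # "pipe", "divert", "allow", "deny"
    arg: int = 0           # pipe number or divert port
    src: str = "any"
    dst: str = "any"
    iface: str = ""        # "recv re1", "xmit re0", "via re0" or ""
    direction: str = ""    # "in", "out" or "" (both)


@dataclass
class Packet:
    src: str
    dst: str
    recv: str              # interface the packet arrived on
    xmit: str = ""         # interface it is leaving by ("" on the input pass)
    pipes: list = field(default_factory=list)   # pipes that shaped it


def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)


def iface_ok(rule, pkt):
    if rule.direction and (rule.direction == "in") != (pkt.xmit == ""):
        return False
    if not rule.iface:
        return True
    kind, name = rule.iface.split()
    if kind == "recv":
        return pkt.recv == name        # testable on both passes
    if kind == "xmit":
        return pkt.xmit == name        # only meaningful on the output pass
    return (pkt.xmit or pkt.recv) == name   # via: the interface of this pass


def natd(pkt):
    """What natd does when the outside interface's divert hands it a packet:
    alias the private source going out, de-alias the public destination coming in."""
    if pkt.xmit == OIF and addr_ok(LAN, pkt.src):
        pkt.src = PUBLIC_IP
    elif pkt.recv == OIF and not pkt.xmit and pkt.dst == PUBLIC_IP:
        pkt.dst = INSIDE_HOST


def walk(rules, pkt, one_pass=True):
    """One pass of a packet through the rule list; returns the final action."""
    for r in sorted(rules, key=lambda r: r.num):
        if not (addr_ok(r.src, pkt.src) and addr_ok(r.dst, pkt.dst) and iface_ok(r, pkt)):
            continue
        if r.action == "divert":
            natd(pkt)                  # packet comes back and continues at the next rule
        elif r.action == "pipe":
            pkt.pipes.append(r.arg)
            if one_pass:
                return "allow"         # one_pass=1: not re-injected into the firewall
        else:
            return r.action
    return "deny"                      # nothing matched: default-deny policy


def forward(rules, src, dst, inbound, one_pass=True):
    """Both passes of a forwarded packet. Returns (src, dst, pipes) as the
    packet leaves the box, or None if a pass dropped it."""
    pkt = Packet(src, dst, recv=OIF if inbound else IIF)
    if walk(rules, pkt, one_pass) != "allow":
        return None
    pkt.xmit = IIF if inbound else OIF
    if walk(rules, pkt, one_pass) != "allow":
        return None
    return pkt.src, pkt.dst, pkt.pipes


# The pipe rules as posted: on the outside interface, numbered ahead of the divert.
POSTED = [
    Rule(10, "pipe", 1, LAN, "any", "xmit " + OIF),
    Rule(20, "pipe", 2, "any", LAN, "recv " + OIF),
    Rule(50, "divert", 8668, iface="via " + OIF),
    Rule(65535, "allow"),
]

# Same pipes attached to the inside interface, where addresses are always the
# private ones, so the pipe rules no longer interact with the divert at all.
INSIDE = [
    Rule(10, "pipe", 1, LAN, "any", "recv " + IIF, "in"),
    Rule(20, "pipe", 2, "any", LAN, "xmit " + IIF, "out"),
    Rule(50, "divert", 8668, iface="via " + OIF),
    Rule(65535, "allow"),
]

if __name__ == "__main__":
    for name, rs in (("posted", POSTED), ("inside", INSIDE)):
        for one_pass in (True, False):
            print(f"{name:7s} one_pass={one_pass!s:5s} out:",
                  forward(rs, INSIDE_HOST, REMOTE, inbound=False, one_pass=one_pass),
                  " in:", forward(rs, REMOTE, PUBLIC_IP, inbound=True, one_pass=one_pass))
```

Under these assumptions the model shows the ordering constraint concretely: with the posted numbering and the default one_pass=1, an outbound packet is accepted at rule 10 straight out of pipe 1 and never reaches the divert, so it leaves with its private source address; the same rules do what the poster intends only with net.inet.ip.fw.one_pass=0. Attaching the pipes to the inside interface (the INSIDE list) shapes both directions and leaves the re0 divert untouched regardless of the sysctl, which is why shaping on the LAN side and translating on the WAN side is the usual way to keep the two independent.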