From owner-freebsd-ipfw@FreeBSD.ORG  Tue Apr 13 09:53:33 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7C42B16A4CE
	for <ipfw@freebsd.org>; Tue, 13 Apr 2004 09:53:33 -0700 (PDT)
Received: from mailgw.dgrp.sk (mailgw.dgrp.sk [195.28.127.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D970A43D5C
	for <ipfw@freebsd.org>; Tue, 13 Apr 2004 09:53:32 -0700 (PDT)
	(envelope-from koren@tempest.sk)
Received: by mailgw.dgrp.sk (Postfix, from userid 1003)
	id 1ACB74FD87; Tue, 13 Apr 2004 18:53:32 +0200 (CEST)
Received: from domino1.tempest.sk (domino1.tempest.sk [195.28.100.38])
	by mailgw.dgrp.sk (Postfix) with ESMTP
	id A847B4FD85; Tue, 13 Apr 2004 18:53:31 +0200 (CEST)
Received: from lk106.tempest.sk ([195.28.109.36])
          by domino1.tempest.sk (Lotus Domino Release 6.5.1IF1)
          with ESMTP id 2004041318532986-1057 ;
          Tue, 13 Apr 2004 18:53:29 +0200 
Received: from lk106.tempest.sk (localhost [127.0.0.1])
	by lk106.tempest.sk (8.12.10/8.12.5) with ESMTP id i3DGrMBp057737;
	Tue, 13 Apr 2004 18:53:22 +0200 (CEST)
	(envelope-from koren@lk106.tempest.sk)
Received: (from koren@localhost)
	by lk106.tempest.sk (8.12.10/8.12.10/Submit) id i3DGrLb7057734;
	Tue, 13 Apr 2004 18:53:21 +0200 (CEST)
	(envelope-from koren)
Date: Tue, 13 Apr 2004 18:53:21 +0200 (CEST)
Message-Id: <200404131653.i3DGrLb7057734@lk106.tempest.sk>
From: Ludo Koren <lk@tempest.sk>
To: rizzo@icir.org
In-reply-to: <20040413091734.A98975@xorpc.icir.org> (message from Luigi Rizzo
	on Tue, 13 Apr 2004 09:17:34 -0700)
X-MIMETrack: Itemize by SMTP Server on Domino1/DGRP(Release 6.5.1IF1|March 16,
	2004) at 13.04.2004 18:53:29,at 13.04.2004 18:53:31,
	Serialize complete at 13.04.2004 18:53:31
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on mailgw
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.61
X-Spam-Level: 
cc: ipfw@freebsd.org
Subject: Re: limiting bandwith
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Apr 2004 16:53:33 -0000



     > i think it is pilot error.

I do not argue. yes, it probably is.

     > Be warned that dynamic rules only match addresses and ports, so
     > once a rule is installed it will match traffic both in and out.
     > If you want to select on other attributes you have to do it
     > before you hit any keep-state or check-state rule.

     > I don't know if it matches recent reports about dummynet on
     > 5.2.1 giving half the bandwidth, but i just checked locally and
     > it does work as expected -- the bandwidth is correct (with a
     > correct ipfw config, that is :)

I just cannot put together rules, that do what I want. If I omit
keep-state from the rule:

add pipe 20 tcp from B to A dst-port 25 out xmit xl1 keep-state

it stops working. Basically, I am lost...

     > 	cheers luigi

lk