From: "eric"
Date: Wed, 13 Aug 2003 08:59:58 -0500 (CDT)
Subject: ipfw syntax

Just a quickie. Before I go tearing my firewall down, I want to see if there is a better way of doing this. What I want to do on my network is limit all my roommates in such a way that doesn't disrupt anything but their kazaa usage (I'm really only looking to slow kazaa down). With that said, their regular internet usage is icq/aim/msn, a browser window, and kazaa. Would it be easier to just set up a pipe and limit by netmask, or will the following work? Any hints, tips, or suggestions?
I'm using ipfw2 in FreeBSD 5.1-RELEASE for dummynet, and ipf for my actual firewall rules.

#### Natd
add 00200 divert natd all from any to any via rl0

#### Dummynet
### Jason
add pipe 1 ip from any to 192.168.1.4 in
add pipe 2 ip from 192.168.1.4 to any out limit src-addr 6
pipe 1 config bw 500Kbit/s
pipe 2 config bw 96Kbit/s

#### Dummynet
### Ian
add pipe 3 ip from any to 192.168.1.8 in
add pipe 4 ip from 192.168.1.8 to any out limit src-addr 6
pipe 3 config bw 300Kbit/s
pipe 4 config bw 96Kbit/s

#### Dummynet
### cr
add pipe 5 ip from any to 192.168.1.7 in
add pipe 6 ip from 192.168.1.7 to any out limit src-addr 6
pipe 5 config bw 300Kbit/s
pipe 6 config bw 96Kbit/s

It's been a while since I've done anything with ipfw, so be nice if anything above doesn't make sense. ;)

---
Eric
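
The "limit by netmask" alternative the message asks about, written in the same rule-file format. This is an added example, not part of the original message or a tested configuration from its author. It assumes the LAN is 192.168.1.0/24 (the message only lists .4, .7 and .8), that pipe numbers 1-3 are free, and that the match patterns used in the message select the intended traffic.

```conf
# Added example (not from the original message).
# Assumptions: LAN is 192.168.1.0/24; net.inet.ip.fw.one_pass=1 (the default),
# so a packet that has gone through one pipe is not matched against later
# pipe rules. With one_pass=0 Jason's downloads would also pass through pipe 2.

#### Dummynet, download
# Jason keeps his own 500Kbit/s pipe. This rule must come before the
# subnet-wide rule so that it matches first.
add pipe 1 ip from any to 192.168.1.4 in
pipe 1 config bw 500Kbit/s

# Every other LAN host: one rule and one pipe definition. The full-width
# dst-ip mask makes dummynet create a separate 300Kbit/s dynamic pipe per
# destination address. Without "mask", all matching hosts would share a
# single 300Kbit/s pipe.
add pipe 2 ip from any to 192.168.1.0/24 in
pipe 2 config bw 300Kbit/s mask dst-ip 0xffffffff

#### Dummynet, upload
# 96Kbit/s per source host, Jason included, again as per-host dynamic pipes.
# The "limit src-addr 6" connection limit from the message is left out here
# to keep the example to bandwidth shaping.
add pipe 3 ip from 192.168.1.0/24 to any out
pipe 3 config bw 96Kbit/s mask src-ip 0xffffffff
```

New hosts that join the subnet are shaped automatically, which the one-pipe-pair-per-roommate layout does not give.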