Date:      Thu, 23 Sep 2004 09:10:49 -0600
From:      Nathan Kinkade <nkinkade@ub.edu.bz>
To:        Bikrant Neupane <bikrant_ml@wlink.com.np>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Ipfw accept rule
Message-ID:  <20040923151049.GH3633@gentoo-npk.bmp.ub>
In-Reply-To: <200409231336.57405.bikrant_ml@wlink.com.np>
References:  <200409231233.00370.bikrant_ml@wlink.com.np> <20040923165730.E67579@mailgate.alburybf.org> <200409231336.57405.bikrant_ml@wlink.com.np>


On Thu, Sep 23, 2004 at 01:36:57PM +0545, Bikrant Neupane wrote:
> Thanks for the reply.
> Well I am not looking for the count rule.
>
> Actually I have some other situation. I am trying to implement b/w shaping
> using ipfw. And I am trying to include mac address based filtering in it as
> well. As long as I don't implement ipfw in ether (net.link.ether.ipfw=0/1)
> pkts hit the rule only once and I get the b/w as specified in the IPFW pipe
> syntax. However when I enable ipfw in ether all the pkts hit the matching
> rule twice, and as a result I get half of the b/w to what has been specified
> in ipfw pipe.
> This is normal (as mentioned in ipfw man page) since pkt traversal is
> doubled when IPFW is enabled in ether.
>
<snip>

Would the following sysctl variable help your problem?

From the ipfw manpage:

net.inet.ip.fw.one_pass: 1
	When set, the packet exiting from the dummynet(4) pipe is not passed
	through the firewall again.  Otherwise, after a pipe action, the packet
	is reinjected into the firewall at the next rule.

Nathan
-- 
PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
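
The man page excerpt quoted above, as a small model of rule traversal. This is an added example, not part of the original message or of ipfw itself; the rule numbers, pipe numbers and addresses are constructed. It models only the order in which rules are visited, not the layer-2 hook or pipe delay.

```python
from ipaddress import ip_address, ip_network

# Constructed ruleset: (rule number, action, pipe number, source network).
RULES = [
    (100, "pipe", 1, ip_network("10.0.0.0/24")),    # shape one subnet
    (200, "pipe", 2, ip_network("0.0.0.0/0")),      # site-wide cap
    (300, "deny", None, ip_network("10.0.0.66/32")),  # block one host
    (65535, "allow", None, ip_network("0.0.0.0/0")),  # final accept
]


def traverse(src, one_pass):
    """Walk RULES for a packet from src; return (verdict, pipes, rules_hit)."""
    addr = ip_address(src)
    pipes, hits = [], []
    for number, action, pipe, network in RULES:
        if addr not in network:
            continue
        hits.append(number)
        if action != "pipe":
            return action, pipes, hits      # allow/deny end the search
        pipes.append(pipe)
        if one_pass:
            # one_pass=1: the packet leaving the pipe is not passed
            # through the firewall again, so the pipe rule is final.
            return "allow", pipes, hits
        # one_pass=0: the packet is reinjected at the next rule.
    return "deny", pipes, hits


if __name__ == "__main__":
    for src in ("10.0.0.5", "10.0.0.66", "192.168.1.1"):
        for one_pass in (1, 0):
            print(src, "one_pass=%d" % one_pass, traverse(src, bool(one_pass)))
```

With one_pass=1 the host at 10.0.0.66 is accepted after rule 100 and never reaches the deny at rule 300, so filtering rules have to come before pipe rules. With one_pass=0 every packet from 10.0.0.0/24 is shaped by both pipes.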
