Date: Thu, 23 Sep 2004 09:10:49 -0600 From: Nathan Kinkade <nkinkade@ub.edu.bz> To: Bikrant Neupane <bikrant_ml@wlink.com.np> Cc: freebsd-questions@freebsd.org Subject: Re: Ipfw accept rule Message-ID: <20040923151049.GH3633@gentoo-npk.bmp.ub> In-Reply-To: <200409231336.57405.bikrant_ml@wlink.com.np> References: <200409231233.00370.bikrant_ml@wlink.com.np> <20040923165730.E67579@mailgate.alburybf.org> <200409231336.57405.bikrant_ml@wlink.com.np>
next in thread | previous in thread | raw e-mail | index | archive | help
--lrvsYIebpInmECXG Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 23, 2004 at 01:36:57PM +0545, Bikrant Neupane wrote: > Thanks for the reply. > Well I am not looking for the count rule. >=20 > Actually I have some other situation. I am trying to implement b/w shapin= g=20 > using ipfw. And i am trying to include mac address based filtering in it = as=20 > well. As long as I don't implement ipfw in ether (net.link.ether.ipfw=3D0= /1)=20 > pkts hit the rule only once and I get the b/w as specified in the IPFW pi= pe=20 > syntax. However when I enable ipfw in ether all the pkts hits the matchin= g=20 > rule twice. and as a result I get half of the b/w to what has been specif= ied=20 > in ipfw pipe. > This is normal (as mentiontioned in ipfw man page) since pkt traversal is= =20 > doubled when IPFW is enabed in ether.=20 >=20 <snip> Would the following sysctl variable help your problem? =46rom the ipfw manpage: net.inet.ip.fw.one_pass: 1 When set, the packet exiting from the dummynet(4) pipe is not passed though the firewall again. Otherwise, after a pipe action, the packet is reinjected into the firewall at the next rule. Nathan --=20 PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=3Dget&search=3D0xD8527E49 --lrvsYIebpInmECXG Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBUud5O0ZIEthSfkkRAt9zAJ4uRgz88ubXnuK4D2NUSAlEycuBbACgxvZi vbdX8v4W3b9Ji+ZuEqDvGTs= =RDCi -----END PGP SIGNATURE----- --lrvsYIebpInmECXG--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040923151049.GH3633>