Date: Sat, 15 Jun 2002 20:37:26 -0400 From: "Joe & Fhe Barbish" <barbish@a1poweruser.com> To: <ilia@cgu.chel.su> Cc: "FBSDQ" <questions@FreeBSD.ORG> Subject: RE: ipfw: DNS priority Message-ID: <MIEPLLIBMLEEABPDBIEGIENGCCAA.barbish@a1poweruser.com> In-Reply-To: <3D0B79AB.70209@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You can also prioritize ipfw rules in the rules file by putting the most often used rules at the beginning of the rules file, thus limiting the number of rules which have to be tested before finding a match. This will increase the performance of rules file, rule testing process just a little bit. -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bill Moran Sent: Saturday, June 15, 2002 1:30 PM To: Ilia Chipitsine Cc: questions@FreeBSD.ORG Subject: Re: ipfw: DNS priority Ilia Chipitsine wrote: > On Sat, 15 Jun 2002, Bill Moran wrote: > >>Ilia Chipitsine wrote: >>>how can I implement ipfw rules in order to prioriterize DNS and SSH (both >>>incoming and outgoing) over the rest of packets ??? >>> >>>I mean that DNS and SSH traffic is the most important and I want to tell >>>it to ipfw :) >> >>Read the man page for dummynet. There's a bit of knowledge required before >>doing something like this, as you've got to work the dummynet rules into >>your other firewall rules. > > no, my question has nothing to do with DUMMYNET. No, you question has everything to do with dummynet. > I was asking: "how to tell to ipfw that DNS is more IMPORTANT than other > packets ?". > > I'm not about to shape the rest of packets to 50% of interface > capacity for all the time being :) Actually read the man page. I don't know where you got your ideas about dummynet, but if you read the man page it will explain how to do what you want. dummynet does more than just "shape the rest of the packets to 50% of the interface capacity". You can assign priorities to packets based on just about any filtering criteria you can use in ipfw, and dummynet will prioritize their delivery. When those types of packets are not occurring, the entire bandwidth is available to whatever traffic is present. Unless I'm completely misunderstanding what you mean by "IMPORTANT". If I am, please elaborate on what you mean by that. -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGIENGCCAA.barbish>