Skip site navigation (1)Skip section navigation (2)
Date:      7 Apr 2003 09:41:29 +0200
From:      "clemens fischer" <ino-qc@spotteswoode.de.eu.org>
To:        "Sereciya Kurdistani" <sereciya@kurdistan.ath.cx>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Sereciya :: Prioritizing empty TCP ACKs... OpenBSD pf -> FreeBSD ipfw Translation
Message-ID:  <4r5aoity.fsf@ID-23066.news.dfncis.de>
In-Reply-To: <20030406174116.GC15115@kurdistan.ath.cx> (Sereciya Kurdistani's message of "Sun, 6 Apr 2003 10:41:16 -0700")
References:  <20030406174116.GC15115@kurdistan.ath.cx>

next in thread | previous in thread | raw e-mail | index | archive | help
Sereciya Kurdistani <sereciya@kurdistan.ath.cx>:

>   Suggestions, recommendations & corrections gladly accepted; send
>   em over!

i'd suggest you start with something different:  spend some time
setting up scripts allowing you test firewall rules with frequent
changes.  the more you invest in this, the better you can
experiment.  note that ipfw allows you to log every rule firing, it
has options to list the rules together with the last time they fired.

just found an example in /usr/share/examples/ipfw/change_rules.sh.

you will find a lot more example especially on traffic shaping using
dummynet(4) in the documentation for ipa, and you'll find examples
for it in examples/ipa/.  if you have this nifty tool installed, that
is.

  clemens



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4r5aoity.fsf>