Date: Thu, 10 Jul 1997 19:40:12 +0300 (IDT) From: Nadav Eiron <nadav@barcode.co.il> To: Cliff Addy <fbsdlist@federation.addy.com> Cc: questions@FreeBSD.ORG Subject: Re: ipfw Message-ID: <Pine.BSF.3.91.970710193831.5239A-100000@gatekeeper.barcode.co.il> In-Reply-To: <Pine.BSF.3.95q.970710103859.7752A-100000@federation.addy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 10 Jul 1997, Cliff Addy wrote: > I've successfully compiled firewall support into the kernel and used ipfw > to set up some rules. I have two questions: > > 1) What is the best way to invoke ipfw rules at boot time? Since the > default condition is allow nothing, it breaks nfs, web servers, etc. I > presume it has something to do with rc.conf's "firewall" setting, but I've > not been able to find any documentation on the appropriate values (other > than "NO"). I'd like to have ipfw load up the rules from a file as early > in the boot process as possible. Set take a look at /etc/rc.firewall > > 2) We have several aliased ip addresses on the network card. The whole > point of this is to measure the traffic on each ip address separately. > I've tried adding rules like > > allow all from any to 207.239.68.3 > allow all from 207.239.68.3 to any > > and can get stats from ipfw on byte/packet counts for each of these rules. > My question is: Does adding the byte counts accurately tell me all the > bandwidth being used by that ip address, including packet headers, etc? > Or am I doing this all wrong? AFAIK it should. It counts the number and size of IP packets. That's about as low as you can get (it doesn't count Ethernet/IEEE 802.3 headers, but these are rarely of any interest) > > > > Nadav
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.970710193831.5239A-100000>