Date:      Mon, 29 Jul 2019 18:44:00 +0100
From:      Paul Webster <paul.g.webster@googlemail.com>
To:        mike tancsa <mike@sentex.net>,  "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org>
Subject:   RE: pf and dummynet
Message-ID:  <5d3f305f.1c69fb81.90047.531f@mx.google.com>
In-Reply-To: <d68129cd-40a4-e065-32c3-3f574eca537e@sentex.net>
References:  <d68129cd-40a4-e065-32c3-3f574eca537e@sentex.net>

You can mix ipfw and pf, but beware of the order they are loaded (the first
one loaded is inside the second one loaded) – it may be better in
fact to compile them both in the kernel.

You basically end up with: (pf)(ipfw)(system)(ipfw)(pf) – assuming
pf was loaded first


From: mike tancsa
Sent: 29 July 2019 17:06
To: freebsd-pf@freebsd.org
Subject: pf and dummynet

I have a box I need to shape inbound and outbound traffic. It seems altq
can only shape outbound packets and not limit inbound? If that's the
case, what is the current state of mixing ipfw, dummynet and pf?
Writing large complex firewall rules works better from a readability POV
(for us anyways) so I really prefer to use it. But I need to prevent zfs
replication eating up BW over some WAN links, and dummynet seems to
"just work"

For ipfw I have


00010 6640359 9959147882 pipe 1 tcp from 192.168.128.0/20 to any
01000 3486901  228480912 allow ip from any to any

and then checking my pf.conf rules, it seems to block and pass traffic
as expected.

Is there anything I should explicitly check?

    ---Mike
