Date: Fri, 16 Feb 2001 09:05:29 -0600
From: Mike Bytnar <mbytnar@auvo.com>
To: Chris Elsworth <chrise@demon.net>
Cc: stable@FreeBSD.ORG, Bradley Kite <bradley@rug-rats.org>
Subject: Re: ipfw query..
Message-ID: <3A8D41B9.F79358D3@auvo.com>
References: <20010215130342.A95395@demon.net> <20010215135309.A23654@rug-rats.org> <3A8BE217.7AF6BFBD@herculeez.com> <20010215140949.A96244@demon.net>

sysctl -w net.inet.ip.fw.one_pass=0

This flag allows packets to pass through the pipes, until they are
accepted by a pass or fail rule. But the configuration can be tricky.
Another way is to place your packet processing (such as natd) first,
then pass through the pipes.

--Mike

Chris Elsworth wrote:

> On Thu, Feb 15, 2001 at 02:05:11pm +0000, Simon Loader wrote:
> > Bradley Kite wrote:
> > >
> > > I'm sure there is a flag you can append to the end of
> > > the pipe rules, that tell ipfw to continue going through the rules
> > > instead of stopping when they match.
> > >
> > > I can't remember what the flag is tho, sorry :-(
>
> [...]
> If I don't put the pipes first then I can't bandwidth limit, because when
> the packets go through one of the allow rules, to, say, sshd - then
> they'll never see the pipe and won't get limited or counted. So the pipes
> have to come first..
>
> --
> Chris Elsworth            tel: 020 8371 1041          _ .
> Systems Administrator     mob: 07968 324 693    demon @ thus . .
> Web & Hosting Team        chrise@demon.net      http://www.demon.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
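
Added example, not part of the original thread and not FreeBSD code: a simplified Python model of ipfw rule traversal, showing what net.inet.ip.fw.one_pass changes and why rule order matters for the pipes discussed above. Rule numbers, ports and the closing deny rule are constructed sample values.

```python
# Simplified model of ipfw first-match traversal with dummynet pipes.
# Illustration only; rule numbers, ports and rulesets are constructed.

def evaluate(rules, dst_port, one_pass):
    """Walk the ruleset for one packet.

    rules: list of (number, action, dst_port or None for "any").
    Returns (verdict, pipes): verdict is "allow" or "deny", pipes is the
    list of pipe numbers the packet was sent through.
    """
    pipes = []
    for _number, action, port in sorted(rules, key=lambda r: r[0]):
        if port is not None and port != dst_port:
            continue                      # rule does not match this packet
        kind, _, arg = action.partition(" ")
        if kind == "pipe":
            pipes.append(int(arg))
            if one_pass:
                # one_pass=1: a packet leaving the pipe is not passed
                # through the firewall again, so it is accepted here.
                return "allow", pipes
            continue                      # one_pass=0: resume at next rule
        return kind, pipes                # "allow" or "deny" ends the search
    return "deny", pipes                  # assumption: default-deny ruleset

# Pipe first, then the filtering rules (the layout Chris describes).
PIPES_FIRST = [
    (100, "pipe 1", None),   # shape/count everything
    (200, "allow", 22),      # sshd
    (300, "deny", None),
]

# Allow rule ahead of the pipe: ssh traffic never reaches the pipe.
ALLOW_FIRST = [
    (100, "allow", 22),
    (200, "pipe 1", None),
    (300, "deny", None),
]

if __name__ == "__main__":
    for name, rules in (("pipes first", PIPES_FIRST), ("allow first", ALLOW_FIRST)):
        for one_pass in (True, False):
            for port in (22, 23):
                verdict, pipes = evaluate(rules, port, one_pass)
                print(f"{name:11} one_pass={int(one_pass)} port={port}: "
                      f"{verdict:5} pipes={pipes}")
```

With one_pass=1 and the pipe first, port 23 traffic is accepted by the pipe rule and never reaches the deny rule; with one_pass=0 the same packet is shaped and then filtered.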