Date:      Thu, 10 Jul 1997 12:24:00 -0400 (EDT)
From:      Cliff Addy <fbsdlist@federation.addy.com>
To:        questions@freebsd.org
Subject:   ipfw
Message-ID:  <Pine.BSF.3.95q.970710103859.7752A-100000@federation.addy.com>

I've successfully compiled firewall support into the kernel and used ipfw
to set up some rules.  I have two questions:

1)  What is the best way to invoke ipfw rules at boot time?  Since the
default condition is allow nothing, it breaks nfs, web servers, etc.  I
presume it has something to do with rc.conf's "firewall" setting, but I've
not been able to find any documentation on the appropriate values (other
than "NO").  I'd like to have ipfw load up the rules from a file as early
in the boot process as possible.

2) We have several aliased ip addresses on the network card.  The whole
point of this is to measure the traffic on each ip address separately.
I've tried adding rules like

    allow all from any to 207.239.68.3
    allow all from 207.239.68.3 to any

and can get stats from ipfw on byte/packet counts for each of these rules. 
My question is:  Does adding the byte counts accurately tell me all the
bandwidth being used by that ip address, including packet headers, etc?
Or am I doing this all wrong?






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970710103859.7752A-100000>