Re: Ipfw accept rule

From: NetAdmin (daemon_at_foxchat.net)
Date: 09/23/04

  • Next message: Bikrant Neupane: "Re: Ipfw accept rule"
    To: Bikrant Neupane <bikrant_ml@wlink.com.np>
    Date: Thu, 23 Sep 2004 15:15:36 -0400
    
    
    

    Here are my dummynet rules. Not sure if they exactly work or not
    but they keep my kids from using all the upstream bandwidth.
    If anyone has a better way, please by all means let me know. The only
    thing I'm not sure of, is where it goes in the rule set. Here is where
    I have mine and how it is set up. Hope this helps.

            case ${natd_enable} in
            [Yy][Ee][Ss])
                    if [ -n "${natd_interface}" ]; then
                            ${fwcmd} add divert natd all from any to any via ${natd_interface}
                    fi
                    ;;
            esac

            ${fwcmd} add skipto 20000 ip from any to any bridged

    #---------------------- DUMMYNET Config --------------------------
    #
            ${fwcmd} add pipe 1 { tcp or udp } from ${iip1} to any 80-65000
            ${fwcmd} pipe 1 config mask src-ip 0xffffff00 bw 384Kbit/s queue 20Kbytes
    #
            ${fwcmd} add pipe 2 ip from ${iip1} to any out
            ${fwcmd} pipe 2 config mask src-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes
    #
            ${fwcmd} add pipe 3 ip from any to ${iip1} in
            ${fwcmd} pipe 3 config mask dst-ip 0xffffff00 bw 1024Kbit/s queue 20Kbytes

    ${iip1} = 192.168.1.0/24

    I used "whatmask" in /usr/ports/net-mgmt/whatmask to help figure out
    what the netmask was for my subnet in case you use a different subnet
    than I.

    On Thu, 2004-09-23 at 02:48, Bikrant Neupane wrote:

    > Hi,
    > When a packet hits "allow | accept | pass | permit" rule the packet is
    > accepted and the search is terminated at that point.
    >
    > I need to accept the packet but still want the packet to continue traversing
    > rules further below. However, once it hits "deny | drop" rule it should be
    > dropped and the search should terminate at that point. Is that possible with
    > IPFW?
    >
    > regards,
    > Bikrant

    -- 
    NetAdmin for the FoxChat.Net IRC Network.
    The FoxSurfer Group
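
Added example, not part of the original message: dummynet builds a flow identifier by ANDing the address with the pipe's `mask`, and each distinct identifier gets its own dynamic pipe with the configured `bw` and `queue`. The shell functions below model that grouping so you can see whether a mask gives one shared limit or one limit per host; the function names and host addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: models how a dummynet "mask src-ip"/"mask dst-ip" value
# groups hosts into dynamic pipes. Not the poster's or FreeBSD's own code.

# Convert dotted-quad a.b.c.d to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to dotted-quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Flow identifier for one address: address AND mask.
# usage: flow_id <ip> <hex-mask>
flow_id() {
    int_to_ip $(( $(ip_to_int "$1") & $2 ))
}

# Number of dynamic pipes a set of hosts ends up in under a given mask.
# usage: count_pipes <hex-mask> <ip>...
count_pipes() {
    mask=$1; shift
    for ip in "$@"; do flow_id "$ip" "$mask"; done | sort -u | wc -l | tr -d ' '
}

# Constructed sample hosts inside 192.168.1.0/24 (the ${iip1} subnet).
hosts="192.168.1.10 192.168.1.11 192.168.1.12"

# 0xffffff00 keeps only the network part: every host maps to 192.168.1.0,
# so the whole subnet shares a single pipe and a single bandwidth limit.
echo "mask 0xffffff00: $(count_pipes 0xffffff00 $hosts) pipe(s)"

# 0xffffffff keeps the full address: each host gets its own pipe,
# so the configured bandwidth applies per host.
echo "mask 0xffffffff: $(count_pipes 0xffffffff $hosts) pipe(s)"
```

Whether a packet continues to later rules after matching a `pipe` rule is governed by the `net.inet.ip.fw.one_pass` sysctl, which is worth checking when deciding where the pipe rules sit in the rule set.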
    
    


