Re: Ipfw accept rule
From: Jon Simola (jon_at_abccom.bc.ca)
Date: 09/24/04
- Previous message: Matthew Seaman: "Re: Problem with spamass-milter and libmilter sendmail-8.13.1"
- In reply to: Bikrant Neupane: "Re: Ipfw accept rule"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 24 Sep 2004 08:37:38 -0700 (PDT) To: Bikrant Neupane <bikrant_ml@wlink.com.np>
On Fri, 24 Sep 2004, Bikrant Neupane wrote:
> > > Well, I have no problem with the MAC filtering rules.
> > > Only problem that I am having is that the pkts hit the matching rule
> > > twice as a result I get only half of the b/w than that specified in ipfw
> > > pipe command.
Yes, the packets will hit the pipe twice. Once at layer2 and once at
layer3. You're not stopping the packets from passing through a pipe simply
by leaving out a "layer2" from the rule.
ether_input -> ipfw -> ip_input -> ipfw -> network stack
> > > Isn't there a way to construct rules such that matching pkts hit the rule
> > > only once?
Write your ruleset appropriately, or stick "not layer2" on your pipe
rules.
---
Jon Simola <jon@abccom.bc.ca> | "In the near future - corporate networks
Systems Administrator | reach out to the stars, electrons and light
ABC Communications | flow throughout the universe." -- GITS
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: Matthew Seaman: "Re: Problem with spamass-milter and libmilter sendmail-8.13.1"
- In reply to: Bikrant Neupane: "Re: Ipfw accept rule"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
