ipfw dynamic bidirect

sid at merlin.com.ua
Sat Oct 16 09:34:56 PDT 2004


Hi all.

We have:
ipfw add 10 pipe 10 ip from 10.0.0.1 to any in
ipfw add 10 pipe 10 ip from any to 10.0.0.1 out
ipfw pipe 10 config bw 56kbit

Pipe 10 uses a single pipe for in & out (modeling an async 56k modem) for a single IP.

And what can we do in case we have 10.0.0.0/24 IPs?

ipfw add 10  pipe 10 ip from 10.0.0.0/24 to any in
ipfw         pipe 10 config bw 56k mask src-ip 0xffffffff buckets 1024
ipfw add 20 pipe 20 ip from any to 10.0.0.0/24 out
ipfw        pipe 20 config bw 56k mask dst-ip 0xffffffff buckets 1024

So there we have synchronous flow, 56k in + 56k out, but we want to
have speed = in+out < 56k for each IP. How can we realise that?
Is it possible to make a firewall for a /24 (/23 /23 etc) net of IPs
without creating one_pipe_for_each_ip?

ipfw add 10 pipe 10 ip from 10.0.0.1 to any in
ipfw add 10 pipe 10 ip from any to 10.0.0.1 out
ipfw pipe 10 config bw 56kbit
.......
ipfw add N pipe N ip from 10.0.0.N to any in
ipfw add N pipe N ip from any to 10.0.0.N out
ipfw pipe N config bw 56kbit



sid at merlin

More information about the freebsd-ipfw mailing list