nested ipfw dummynet pipes
Don Bowman
don at sandvine.com
Fri Jun 20 10:41:27 PDT 2003
is there any way, in a bridging config, to have nested pipes?
In particular, what i would like to achieve is a rule that
allows e.g. 64kbps per host (src-mask 0xffffffff), but
that all these hosts are in an overall 10Mbps pipe. The idea
will be that @ some times of the day the pipe is less than
full, so everyone gets 64kbps, but @ other times of the day
the pipe is full, and I don't want more than 10Mbps flowing.
net.inet.ip.fw.one_pass looks to do what i want but:
"Note: bridged and layer 2 packets coming out of a pipe are never
reinjected in the firewall irrespective of the value of this
variable."
suggests this is not the case.
Is there some technique using e.g. netgraph? Or can someone suggest
why the note is there and if it might be easily removed?
e.g. what i have is a system with
em0 <--> em1
net.link.ether.bridge_cfg="em0 em1"
net.link.ether.bridge=1
net.link.ether.bridge_ipfw=1
net.inet.ip.fw.one_pass=1
--don
More information about the freebsd-net
mailing list