[FreeBSD 5.2] Bandwith and packet throttling
Barney Wolff
barney at databus.com
Sun Aug 15 12:54:37 PDT 2004
On Sun, Aug 15, 2004 at 11:31:07AM -0700, Fargo Holiday wrote:
>
> cramster# ipfw show
> 00050 14819576 8458459132 divert 8668 ip from any to any via dc0
> 00100 250 32470 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65000 44478701 31835950367 allow ip from any to any
> 65100 0 0 pipe 1 ip from 10.0.0.8 to any
> 65200 0 0 pipe 2 ip from any to 10.0.0.8
> 65535 0 0 deny ip from any to any
man ipfw will point out that the first allow or deny that "hits"
terminates rule processing. Perhaps you're more familiar with other
firewalls, where this sensible design is not the normal case.
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
More information about the freebsd-net
mailing list