Firewall
Robert Watson
rwatson at FreeBSD.org
Mon Apr 30 12:17:48 UTC 2007
On Mon, 30 Apr 2007, Peter Jeremy wrote:
> On 2007-Apr-30 10:58:18 +0100, Robert Watson <rwatson at freebsd.org> wrote:
>
>> One of the big selling points of IPFW is integration with DUMMYNET, which
>> offers bandwidth management facilities not present in the other systems.
>
> I thought altq(4) could also do most of what dummynet(4) does but based on a
> closer look, it seems that it can't do the packet delay stuff, though it
> seems to have fairly similar bandwidth management facilities.
altq(4) as implemented on FreeBSD operates on outbound network interface
queues. This limits its utility significantly:
(1) It does not affect inbound network traffic at all, so for non-routers, you
can't control the way inbound traffic appears to the stack, only replies.
(2) Most modern network hardware effectively places these queues in hardware,
especially if not running completely saturated.
Robert N M Watson
Computer Laboratory
University of Cambridge
More information about the freebsd-net
mailing list