ipfw - bandwidth throttling (sanity check!)
Odhiambo Washington
wash at wananchi.com
Tue Sep 12 22:25:38 PDT 2006
* On 12/09/06 22:13 +0100, RW wrote:
| On Tuesday 12 September 2006 20:49, Odhiambo Washington wrote:
| > Hello Security guy ;)
| >
| > I have tried very hard to understand ipfw just for the purpose of
| > bandwidth throttling for smtp service.
| >
| > Basically, I want to throttle the bandwidth used by my SMTP
| > server outbound to _anyone_ else except my ip blocks.
| >
| > My Server is 1.2.3.4 and my ip blocks are a.b.c.d/19 and
| > e.f.g.h/20
| >
| >
| > Are the following rules sane enough?
| >
| > ipfw pipe 1 config bw 256Kbit/s
| > ipfw add pipe 1 tcp from 1.2.3.4 to not a.b.c.d/19 25
| > ipfw add pipe 1 tcp from 1.2.3.4 to not e.f.g.h/20 25
|
| This queues all outgoing smtp to the pipe.
|
| You also need to set net.inet.ip.fw.one_pass=1 to avoid the packets
| re-entering the rules on the next line. Setting that means that the packets
| cannot pass through dynamic rules. It is possible to use dynamic rules with
| dummynet, but it's a pain.
Thank you so much for clarifying that. What I wanted to be clarified is
if it is true that "smtp traffic to a.b.c.d/19 and e.f.g.h/20" is NOT
being put through this pipe..
net.inet.ip.fw.one_pass=1 seems to be the default on my system. Not sure
why, but I will RTFM about it.
-Wash
http://www.netmeister.org/news/learn2quote.html
DISCLAIMER: See http://www.wananchi.com/bms/terms.php
--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <wash at wananchi.com>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121
+======================================================================+
If only one could get that wonderful feeling of accomplishment without
having to accomplish anything.
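
Added example, not part of the original message: a small Python model of how the two posted pipe rules are evaluated in order, showing why, as RW says, all outgoing SMTP ends up in the pipe. The addresses standing in for the thread's placeholders, the rule numbers, and the single combined rule used for comparison are constructed for illustration; the model does not show ipfw syntax for the combined form.

```python
import ipaddress

# Constructed stand-ins for the placeholders used in the thread.
SERVER = ipaddress.ip_address("192.0.2.25")       # "1.2.3.4"
BLOCK_A = ipaddress.ip_network("10.0.0.0/19")     # "a.b.c.d/19"
BLOCK_B = ipaddress.ip_network("172.16.0.0/20")   # "e.f.g.h/20"


def rule(number, excluded):
    """Model of: pipe 1 tcp from SERVER to not <excluded networks> 25."""
    return {"number": number, "excluded": excluded}


def matches(r, src, dst, dport):
    """A packet matches when it is SMTP from the server and its
    destination is outside every network the rule excludes."""
    if src != SERVER or dport != 25:
        return False
    return not any(dst in net for net in r["excluded"])


def piped_by(ruleset, dst, dport=25, src=SERVER):
    """Return the number of the first pipe rule the packet matches,
    or None if no rule sends it to the pipe."""
    dst = ipaddress.ip_address(dst)
    for r in ruleset:
        if matches(r, src, dst, dport):
            return r["number"]
    return None


# The two rules as posted: each one excludes only one block.
# Rule numbers 100 and 200 are constructed.
AS_POSTED = [rule(100, [BLOCK_A]), rule(200, [BLOCK_B])]

# Hypothetical comparison: one rule that excludes both blocks at once.
COMBINED = [rule(100, [BLOCK_A, BLOCK_B])]

if __name__ == "__main__":
    # Constructed destinations: inside block A, inside block B, outside both.
    for dst in ("10.0.1.5", "172.16.3.9", "198.51.100.7"):
        print(dst, piped_by(AS_POSTED, dst), piped_by(COMBINED, dst))
```

A destination inside one block is skipped by the rule that excludes that block but is caught by the other rule, so only a rule that excludes both blocks together leaves that traffic out of the pipe.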