Understanding where dummynet fits into an ipfw ruleset
- To: freebsd-net_(_at_)_freebsd_(_dot_)_org
- Subject: Understanding where dummynet fits into an ipfw ruleset
- From: "Freddie Cash" <fjwcash_(_at_)_gmail_(_dot_)_com>
- Date: Fri, 27 Jun 2008 13:01:28 -0700

I'm trying to figure out how traffic shaping using dummynet fits into
an ipfw ruleset.

Mainly, I'm wondering where to put the "ipfw queue" rules (the ones
that send the packets to dummynet), in relation to the packet
filtering rules, or if it even matters.

For instance, do the queue rules apply to all the rules in the set, or
only to rules that follow after the queue rules (numerically)?

Say I've got a firewall setup that does 1:1 NAT for a bunch of servers
(allow incoming/outgoing traffic), as well as 1:many NAT for the
workstations (allow outgoing) on the LAN. I want to add traffic
shaping rules that give traffic from the workstations to specific IPs
greater weight than general traffic from the workstations to the
Internet (i.e. reserve 25% of the bandwidth for important services).

Would I put the queue rules at the start of the ruleset or the end?
Or in the middle, just above the rules for the workstations? Do I add
them after all the bad packet checks and general deny rules that are
at the top of the ruleset?

Just wondering how the queue rules interact with the general packet
filter rules, since they can have the same parameters.