ipfw dummynet rule help

Lee Brotherston lee at nerds.org.uk
Sun Jan 5 00:04:52 GMT 2003


On Mon, Dec 23, 2002 at 02:19:02AM -0000, James wrote:
> 
> I have been looking at various docs and searching Google for some time
> looking for decent idiot-proof dummynet guides and tutorials. Basically all
> I need to do is to limit outgoing data on port 80 (Apache) to a certain
> amount, for example 15KB/s; however, I have not yet come up with a successful
> ipfw rule that makes this effective.
> 

What you need is not just a rule, but a dummynet pipe and a rule to
direct traffic to that pipe.  Using 192.168.0.3 as your webserver, and
bearing in mind that this is limited total bandwidth, not per
connection:

ipfw pipe 1 config bw 15KBytes/s
ipfw add 1000 pipe 1 tcp from 192.168.0.3 80 to any

The first line configures a pipe (pipe 1) and the second line is a
firewall rule which, instead of having the action of deny, drop,
allow, etc., has pipe 1, which means anything matching this rule is
sent to pipe 1; this is similar to using queues.

Best things to read about this are the man pages for ipfw and
dummynet, funnily enough ;)

When writing rules using pipes, you should also bear in mind what you
have set for net.inet.ip.fw.one_pass.  The reasons for checking this
are in the ipfw man page ;)

Thanks

  Lee

-- 
Lee Brotherston - <lee at nerds.org.uk>
That vulnerability is completely TheoDeRaadtical
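
An added illustration (not part of the original message, and not ipfw code): a simplified Python model of ipfw's first-match rule walk, showing how net.inet.ip.fw.one_pass changes what happens to a packet after it matches the pipe rule above. The default deny rule 65535, rules 1500 and 2000, and the sample packet are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow", "deny" or "pipe"
    src_ip: Optional[str] = None     # None matches any source address
    src_port: Optional[int] = None   # None matches any source port

    def matches(self, pkt: dict) -> bool:
        return (self.src_ip in (None, pkt["src_ip"])
                and self.src_port in (None, pkt["src_port"]))


def evaluate(rules, pkt, one_pass):
    """Walk the rules in order; return (verdict, shaped, deciding rule number)."""
    shaped = False
    for rule in sorted(rules, key=lambda r: r.number):
        if not rule.matches(pkt):
            continue
        if rule.action != "pipe":
            return rule.action, shaped, rule.number   # allow/deny end the walk
        shaped = True
        if one_pass:
            # one_pass=1: the packet leaving the pipe is not checked again
            return "allow", shaped, rule.number
        # one_pass=0: the packet re-enters the firewall at the next rule
    raise ValueError("no terminal rule matched")


PIPE = Rule(1000, "pipe", "192.168.0.3", 80)           # rule 1000 from the message
DEFAULT_DENY = Rule(65535, "deny")                     # assumed default rule
ALLOW_WEB = Rule(2000, "allow", "192.168.0.3", 80)     # constructed
LATE_DENY = Rule(1500, "deny", "192.168.0.3", 80)      # constructed
WEB_REPLY = {"src_ip": "192.168.0.3", "src_port": 80}  # constructed packet

if __name__ == "__main__":
    for label, rules, one_pass in [
        ("pipe only, one_pass=1", [PIPE, DEFAULT_DENY], True),
        ("pipe only, one_pass=0", [PIPE, DEFAULT_DENY], False),
        ("pipe + allow 2000, one_pass=0", [PIPE, ALLOW_WEB, DEFAULT_DENY], False),
        ("pipe + deny 1500, one_pass=1", [PIPE, LATE_DENY, DEFAULT_DENY], True),
    ]:
        print(label, "->", evaluate(rules, WEB_REPLY, one_pass))
```

On a live host the current setting is shown by `sysctl net.inet.ip.fw.one_pass`.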



