ipfw dummynet rule help

Lee Brotherston lee at nerds.org.uk
Sun Jan 5 00:04:52 GMT 2003

On Mon, Dec 23, 2002 at 02:19:02AM -0000, James wrote:
> I have been looking at various docs and searching Google for some time
> looking for decent idiot proof dummynet guides and tutorials. Basically all
> I need to do is to limit outgoing data on port 80 (Apache) to a certain
> amount, for example 15KB/s however; I have not yet come up with a successful
> ipfw rule that makes this effective.

What you need is not just a rule, but a dummynet pipe and a rule to
direct traffic to that pipe.  Using as your webserver, and
bearing in mind that this is limited total bandwidth, not per

ipfw pipe 1 config bw 15KBytes/s
ipfw add 1000 pipe 1 tcp from 80 to any

The first line configures a pipe (pipe 1) and the second line is a
firewall rule which instead of having the action of deny, drop ,
allow, etc.  Has pipe 1, which means anything matching this rule is
sent to pipe 1, this is similar to using queue's.

Best things to read about this are the man pages for ipfw and
dummynet, funnily enough ;)

When writing rules using pipes, you should also bear in mind what you
have set for net.inet.ip.fw.one_pass.  The reasons for checking this
are in the ipfw man page ;)



Lee Brotherston - <lee at nerds.org.uk>
That vulnerability is completely TheoDeRaadtical

More information about the Ukfreebsd mailing list