packet order, ipf or ipfw
cha...@schluting.com
I'm running ipf because I like it ...but now I need to use ipfw's pipe
feature. I was thinking that I could just run both, and keep all my
rules in ipf, then in ipfw: limit bandwidth for a few vlans, then allow all.
It didn't work (no rate-limiting happened).. and I'm thinking that ipf
is passing the packets and bypassing ipfw? Or something..
So, what is the order, if I'm running ipf AND ipfw at the same time?
Will it work at all in this manner?
Thanks!
-Charlie
_______________________________________________
freeb...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net...@freebsd.org"
resi...@b-o.ru
Thursday, July 29, 2004, 1:23:33 AM, you wrote:
CS> So, what is the order, if I'm running ipf AND ipfw at the same time?
CS> Will it work at all in this manner?
Load both firewalls as modules, then you can be sure packets goes
first through firewall you load first. And yes, this should works ok
(ipf AND ipfw).
--
Andrew mailto:resi...@b-o.ru
proud lvl 9 ubah haxor (http://www.try2hack.nl/levels/)
cha...@schluting.com
> by default the flow is:
>
> wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfilter -> ipnat ->ipfw
>
> the patch in the above PR changes it to:
>
> wire -> ipnat -> ipfilter -> ipfw -> kernel -> ipfw -> ipfilter -> ipnat
Interesting! Thanks for all the great info guys.
I don't really need to use the patch, since I simply want to limit my
outbound bandwidth usage.
The problem with my rules before was a result of not understanding that
nat translation had already taken place (I think). I'll test this weekend.
Thanks;
-Charlie