Am 16.01.2001 um 17:38:46 schrieb Martin Eggen:
Hi Martin,
thanks a lot for your hints.
> You might want to take a look at ALTQ[0] from the KAME people, or just use
> ipfw with a default pass all rule (or IPFIREWALL_DEFAULT_ACCEPT), so that
> it's only used for bw limiting. (The packets will then first go through
> ipfw, and then through ipf, IIRC).
so it is definitely impossible that a packet that passes ipfw (as every
packet does) enters the system even if ipf says "no", right?
I have some additional questions concerning the ipfw approach:
- is it in general a bad thing to have ipf/ipfw together running on one
machine or ist it just o.k. to have ipf as firewall and IP-accounting
and ipfw for bandwith limitations?
- is there a performance loss worth mentioning in using both tools
compared to only have ipfw running for all purposes?
- does the bandwith-limitation that ipfw/dummynet offer tear down the
effective bandwith of my server?
- does the bandwith-limitation (ipfw) cost a lot of cpu/memory
performance?
thanks a lot for your help
/ch
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
