On Wednesday 13 September 2006 06:25, Odhiambo Washington wrote:
> * On 12/09/06 22:13 +0100, RW wrote:
> | On Tuesday 12 September 2006 20:49, Odhiambo Washington wrote:
> | > Hello Security guy ;)
> | >
> | > I have tried very hard to understand ipfw just for the purpose of
> | > bandwidth throttling for smtp service.
> | >
> | > Basically, I want to throttle the bandwidth used by my SMTP
> | > server outbound to _anyone_ else except my ip blocks.
> | >
> | > My Server is 1.2.3.4 and my ip blocks are a.b.c.d/19 and
> | > e.f.g.h/20
> | >
> | >
> | > Are the following rules sane enough?
> | >
> | > ipfw pipe 1 config bw 256Kbit/s
> | > ipfw add pipe 1 tcp from 1.2.3.4 to not a.b.c.d/19 25
> | > ipfw add pipe 1 tcp from 1.2.3.4 to not e.f.g.h/20 25
> |
> | This queues all outgoing smtp to the pipe.
> |
> | You also need to set net.inet.ip.fw.one_pass=1 to avoid the packets
> | re-entering the rules on the next line. Setting that means that the
> | packets cannot pass through dynamic rules. It is possible to use dynamic
> | rules with dummynet, but it's a pain.
>
> Thank you so much for clarifying that. What I wanted to be clarified is
> if it is true that "smtp traffic to a.b.c.d/19 and e.f.g.h/20" is NOT
> being put through this pipe..

The logic you have is:

  (NOT in range a.b.c.d/19) OR (NOT in range e.f.g.h/2 0)

what you want is:

  NOT ( in range a.b.c.d/19 OR in range e.f.g.h/2 )

I'm a bit rusty with IPFW, but you can probably specify multiple address blocks in one statement - have a look at the man page.
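
The difference between the two expressions in the reply, as an added example that is not part of the original thread: it models only the destination and port match of the pipe rules and checks which destinations end up in the pipe. The networks 10.10.0.0/19 and 10.20.0.0/20 are constructed stand-ins for the elided a.b.c.d/19 and e.f.g.h/20, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the elided blocks a.b.c.d/19 and e.f.g.h/20.
BLOCK_A = ipaddress.ip_network("10.10.0.0/19")
BLOCK_B = ipaddress.ip_network("10.20.0.0/20")


def pipe_rule(excluded):
    """Model 'pipe 1 tcp from 1.2.3.4 to not <excluded> 25'.

    The rule matches when the destination port is 25 and the destination
    address is in none of the excluded networks.
    """
    def matches(dst, port):
        return port == 25 and not any(dst in net for net in excluded)
    return matches


def piped(ruleset, dst, port=25):
    """A packet is sent to the pipe if any pipe rule in the set matches it."""
    addr = ipaddress.ip_address(dst)
    return any(rule(addr, port) for rule in ruleset)


# The two rules from the question: (NOT in A) OR (NOT in B).
ORIGINAL = [pipe_rule([BLOCK_A]), pipe_rule([BLOCK_B])]
# One rule excluding both blocks: NOT (in A OR in B).
COMBINED = [pipe_rule([BLOCK_A, BLOCK_B])]

# Constructed sample destinations.
SAMPLES = {
    "inside a.b.c.d/19": "10.10.5.1",
    "inside e.f.g.h/20": "10.20.3.9",
    "outside both": "192.0.2.25",
}


def compare():
    """Return {label: (piped by ORIGINAL, piped by COMBINED)}."""
    return {label: (piped(ORIGINAL, ip), piped(COMBINED, ip))
            for label, ip in SAMPLES.items()}


if __name__ == "__main__":
    for label, (orig, comb) in compare().items():
        print(f"{label:20} original={orig!s:5} combined={comb}")
```

Because the two blocks do not overlap, every destination is outside at least one of them, so the two-rule set throttles mail to the local blocks as well.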