On Thu, Sep 23, 2004 at 09:10:49AM -0600, Nathan Kinkade wrote:
> On Thu, Sep 23, 2004 at 01:36:57PM +0545, Bikrant Neupane wrote:
> > Thanks for the reply.
> > Well I am not looking for the count rule.
> >
> > Actually I have some other situation. I am trying to implement b/w shaping
> > using ipfw. And I am trying to include mac address based filtering in it as
> > well. As long as I don't implement ipfw in ether (net.link.ether.ipfw=0/1)
> > pkts hit the rule only once and I get the b/w as specified in the IPFW pipe
> > syntax. However when I enable ipfw in ether all the pkts hit the matching
> > rule twice, and as a result I get half of the b/w to what has been specified
> > in ipfw pipe.
> > This is normal (as mentioned in ipfw man page) since pkt traversal is
> > doubled when IPFW is enabled in ether.
> >
> <snip>
>
> Would the following sysctl variable help your problem?
>
> From the ipfw manpage:
>
> net.inet.ip.fw.one_pass: 1
> When set, the packet exiting from the dummynet(4) pipe is not passed
> though the firewall again. Otherwise, after a pipe action, the packet
> is reinjected into the firewall at the next rule.

No this only works for pipes and queues. Not for allow / deny. The only
solution I know of is to place denies before the allows.

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/FreeBSD/