I need to traffic shape a remote box that runs IPF, and I have taken the time to learn to use IPFW with dummynet, and also that I can run IPFW wide open as IPF is the firewall. The box is 5.4 stable (generic) and I can't get around doing a reboot, from all the testing I have done. Must reboot unfortunately.
Loading the ipfw.ko and/or the dummynet.ko with kldload locks me out of an identical test box which is bad news for me. This box is in a colo center with just one ethernet interface.

So my procedure works, but I am wondering if I should just suck it up and compile all this stuff into the kernel, or if my procedure below is somewhat safe? (it works, but I am looking for any hidden issues?)

========================================================
1. Add this to /boot/loader.conf

dummynet_load="YES"

2. Add this to rc.conf:

firewall_enable="YES"
firewall_quiet="YES"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"

3. Edit /etc/ipfw.rules with these entries:
------------------------------------------------
ipfw -q -f flush
ipfw -q add 100 pass all from any to any via lo0
ipfw -q add 200 deny all from any to 127.0.0.0/8
ipfw -q add 300 deny ip from 127.0.0.0/8 to any
ipfw -q add 65000 pass all from any to any
ipfw -q add 1 pipe 1 ip from any to any out xmit ed0
ipfw -q pipe 1 config bw 128kbits/s
-------------------------------------------------

REBOOT

...and the rate limiting works and I can also change the speed on the fly which is a good thing....
========================================================

Thanks for any comments!
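An offline check of the rules script from step 3, added here as an example and not part of the original post: it lists the rules in the order ipfw evaluates them (by rule number, not file order) and confirms a catch-all pass is reached before the default rule 65535. The function names are hypothetical, and it assumes the default rule is deny, as it is unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an ipfw rules
# script before rebooting a box that is only reachable over the network.

# The rules from step 3 of the post, reproduced as sample input.
sample_rules() {
cat <<'EOF'
ipfw -q -f flush
ipfw -q add 100 pass all from any to any via lo0
ipfw -q add 200 deny all from any to 127.0.0.0/8
ipfw -q add 300 deny ip from 127.0.0.0/8 to any
ipfw -q add 65000 pass all from any to any
ipfw -q add 1 pipe 1 ip from any to any out xmit ed0
ipfw -q pipe 1 config bw 128kbits/s
EOF
}

# Read a rules script on stdin and print each "add" rule as "<number> <body>"
# in evaluation order (ascending rule number), not the order in the file.
effective_order() {
    awk '$1 == "ipfw" {
        i = 2
        while ($i ~ /^-/) i++                     # skip flags such as -q
        if ($i == "add" && $(i + 1) ~ /^[0-9]+$/) {
            line = $(i + 1)
            for (j = i + 2; j <= NF; j++) line = line " " $j
            print line
        }
    }' | sort -n
}

# Succeed only if the first unconditional "from any to any" rule below 65535
# is a pass; otherwise unmatched traffic falls through to default rule 65535.
# Limit: conditional deny rules ahead of it are not evaluated here.
has_catch_all_pass() {
    effective_order | awk '
        !seen && $1 < 65535 && NF == 7 && $3 ~ /^(all|ip)$/ &&
        ($4 " " $5 " " $6 " " $7) == "from any to any" {
            seen = 1
            ok = ($2 ~ /^(allow|accept|pass|permit)$/)
        }
        END { exit (ok ? 0 : 1) }'
}

sample_rules | effective_order
if sample_rules | has_catch_all_pass; then
    echo "catch-all pass present ahead of default rule 65535"
else
    echo "no catch-all pass: default rule 65535 decides"
fi
```

To check the real file, feed it on stdin, for example `has_catch_all_pass < /etc/ipfw.rules`.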