* On 12/09/06 22:13 +0100, RW wrote: | On Tuesday 12 September 2006 20:49, Odhiambo Washington wrote: | > Hello Security guy ;) | > | > I have tried very hard to understand ipfw just for the purpose of | > bandwidth throttling for smtp service. | > | > Basically, I want to throttle the bandwidth used by my SMTP | > server outbound to _anyone_ else except my ip blocks. | > | > My Server is 1.2.3.4 and my ip blocks are a.b.c.d/19 and | > e.f.g.h/20 | > | > | > Are the following rules sane enough? | > | > ipfw pipe 1 config bw 256Kbit/s | > ipfw add pipe 1 tcp from 1.2.3.4 to not a.b.c.d/19 25 | > ipfw add pipe 1 tcp from 1.2.3.4 to not e.f.g.h/20 25 | | This queues all outgoing smtp to the pipe. | | You also need to set net.inet.ip.fw.one_pass=1 to avoid the packets | re-entering the rules on the next line. Setting that means that the packets | cannot pass through dynamic rules. It is possible to use dynamic rules with | dummynet, but it's a pain.
Thank you so much for clarifying that. What I wanted to be clarified is if it is true that "smtp traffic to a.b.c.d/19 and e.f.g.h/20" is NOT being put through this pipe.. net.inet.ip.fw.one_pass=1 seems to be the default on my system. Not sure why, but I will RTFM about it. -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington <[EMAIL PROTECTED]> Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ If only one could get that wonderful feeling of accomplishment without having to accomplish anything. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"