FreeBSD Reference
== Setting up bandwidth caps on firewall ==

Creating a new pipe to limit someone's outbound speed:

First make sure that you're not about to use a pipe that already exists.

<pre>newgateway# ipfw pipe list
00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp 69.55.224.109/44027 67.28.113.10/25 22 1320 0 0 0
newgateway#</pre>

There's already a pipe 1, so we'll use pipe 2. We're also going to add this as rule 2. In this case the customer's IP is 69.55.224.109, and we only want to catch stuff going out, so we use xmit em0.

<pre>newgateway# ipfw add 2 pipe 2 ip from 69.55.224.109 to any xmit em0
00002 pipe 2 ip from 69.55.224.109 to any xmit em0
newgateway#</pre>

Now all we have to do is set the speed limit:

<pre>newgateway# ipfw pipe 2 config bw 1Mbit/s
newgateway#</pre>

Lastly, list the pipes to make sure everything is the way we want it:

<pre>newgateway# ipfw pipe list
00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp 69.55.224.109/44027 67.28.113.10/25 747 44980 0 0 0
00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp 69.55.224.109/80 62.172.72.131/26327 8468 9259344 40 42972 1038
newgateway#</pre>

Removing a pipe: the rule to match on and the pipe itself have to be deleted separately. First delete the rule:

<pre>newgateway# ipfw delete 1
newgateway#</pre>

and to delete the pipe itself:

<pre>newgateway# ipfw pipe delete 1
newgateway#</pre>

List the pipes again:

<pre>newgateway# ipfw pipe show
00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp 69.55.224.109/80 62.172.72.131/26327 38383 42636953 48 50955 5111
newgateway#</pre>

More than one rule can feed into a pipe, so the speed of everything that matches will get lumped together in the same pipe. This is useful when a customer has more than one IP or system, and you want to limit his total combined speed.
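
The "make sure the pipe doesn't already exist" check above can be scripted. The following is an added example, not part of the original page: the function names are hypothetical and the sample listings are constructed (using the documentation address 192.0.2.10). It picks the lowest unused pipe and rule numbers from the listings and prints the commands instead of running them.

```sh
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Pipe numbers in use, from `ipfw pipe list` output on stdin.
# Only pipe header lines start with "<digits>:" (e.g. "00001: 1.000 Mbit/s").
used_pipes() {
    awk '/^[0-9]+:/ { sub(":", "", $1); print $1 + 0 }'
}

# Rule numbers in use, from `ipfw list` output on stdin.
used_rules() {
    awk '/^[0-9]+ / { print $1 + 0 }'
}

# Lowest number >= 1 that does not appear in the list on stdin.
lowest_free() {
    sort -n -u | awk 'BEGIN { n = 1 } $1 == n { n++ } END { print n }'
}

# Print (never run) the commands for an outbound cap.
# $1 customer IP, $2 outbound interface, $3 bandwidth, $4 pipe, $5 rule
cap_commands() {
    case "$1" in *[!0-9.]*|"") echo "bad IP: $1" >&2; return 1 ;; esac
    # Configure the pipe first so the rule never points at an unset pipe.
    echo "ipfw pipe $4 config bw $3"
    echo "ipfw add $5 pipe $4 ip from $1 to any xmit $2"
}

# Constructed sample listings; on the gateway, feed the real commands instead:
#   ipfw pipe list | used_pipes | lowest_free
#   ipfw list      | used_rules | lowest_free
SAMPLE_PIPES='00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp 192.0.2.10/44027 198.51.100.7/25 22 1320 0 0 0'
SAMPLE_RULES='00001 pipe 1 ip from 192.0.2.10 to any xmit em0
00100 allow ip from any to any via lo0
65535 allow ip from any to any'

pipe=$(printf '%s\n' "$SAMPLE_PIPES" | used_pipes | lowest_free)
rule=$(printf '%s\n' "$SAMPLE_RULES" | used_rules | lowest_free)
cap_commands 192.0.2.10 em0 1Mbit/s "$pipe" "$rule"
```

Review the printed commands before pasting them into the gateway shell, then confirm the result with `ipfw pipe list` as in the steps above.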