On Sun, Jan 8, 2012 at 1:00 PM, Ian Smith <[email protected]> wrote: > On Sat, 7 Jan 2012, budsz wrote: > [..] > > > keyword instead of an explicit address. The search > terminates if > > > this rule matches. > > > > > > Note particularly the last sentence. You'll have to do your dummynet > > > piping first, if it is to apply also to forwarded packets. > > > > > > (sysctl) > > > net.inet.ip.fw.one_pass: 1 > > > When set, the packet exiting from the dummynet pipe or from > > > ng_ipfw(4) node is not passed though the firewall again. > Other- > > > wise, after an action, the packet is reinjected into the > firewall > > > at the next rule. > > > > > > It seems that you may have one_pass set to 1. Set to 0, packets will > > > continue through the ruleset on exit from pipe/s, so to your fwd rule. > > > > > > cheers, Ian > > > > Thank you very much, lazy to read ipfw(8) :) > > > > pipe pipe_nr > > Pass packet to a dummynet ``pipe'' (for bandwidth limitation, > > delay, etc.). See the TRAFFIC SHAPER (DUMMYNET) CONFIGURATION > > Section for further information. The search terminates; > however, > > on exit from the pipe and if the sysctl(8) variable > > net.inet.ip.fw.one_pass is not set, the packet is passed > again to > > the firewall code starting from the next rule. > > > > > > -- > > budsz > > No problem. However it's considered good form to also copy responses > cc'd back to the two lists this thread appears on, for the archives. > > Not that I need the credit, but it shows that the advice was useful, and > that other list members need not also respond, thinking it unresolved. > > cheers, Ian
OK,thank you for reminding me :) TIA -- budsz _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
