sysctl -w net.inet.ip.fw.one_pass=0
This flag allows packets to pass through the pipes, until they are accepted by a
pass or fail rule. But the configuration can be tricky.
Another way is to place your packet processing (such as natd) first, then pass
through the pipes.
--Mike
Chris Elsworth wrote:
> On Thu, Feb 15, 2001 at 02:05:11pm +0000, Simon Loader wrote:
> > Bradley Kite wrote:
> > >
> > > I'm sure there is a flag you can append to the end of
> > > the pipe rules, that tell ipfw to continue going through the rules
> > > instead of stopping when they match.
> > >
> > > I cant remember what the flag is tho, sorry :-(
> >
[...]
> If I don't put the pipes first then I can't bandwidth limit, because when
> the packets go through one of the allow rules, to, say, sshd - then
> they'll never see the pipe and won't get limited or counted. So the pipes
> have to come first..
>
> --
> Chris Elsworth tel: 020 8371 1041 _ .
> Systems Administrator mob: 07968 324 693 demon @ thus . .
> Web & Hosting Team [EMAIL PROTECTED] http://www.demon.net
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-stable" in the body of the message
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
