incorrect operation dummynet? or my hands are crooked?

B

bahan

Hello everybody. Sorry for my bad English. Please'll show how you can limit the speed not only on ip but also on the port (eg, 80, 8080, 6000, etc.)? I use FreeBSD 6.4 i386. In kernel ipfw is default to deny. Previously there were no these lines
Code: 
${FwCMD} add pipe 10 src-port 80-29000
${FwCMD} add pipe 15 dst-port 80-29000
${FwCMD} add pipe 20 src-port 80-29000
${FwCMD} add pipe 25 dst-port 80-29000
${FwCMD} add pipe 30 src-port 80-29000
${FwCMD} add pipe 35 dst-port 80-29000
${FwCMD} add pipe 40 src-port 80-29000
${FwCMD} add pipe 45 dst-port 80-29000
${FwCMD} add pipe 50 src-port 80-29000
${FwCMD} add pipe 55 dst-port 80-29000
${FwCMD} add pipe 70 src-port 80-29000
${FwCMD} add pipe 75 dst-port 80-29000
But the speed is not limited for the P2P traffic and game traffc. Speed is only limited for WEB traffic. When I added this lines, speed limited for all trafic, but after a while the speed on all pipe falls, but in this time the internet channel is empty. DDOS attacks where no.
Below is my config of ipfw.
Code: 
#!/bin/sh

FwCMD="/sbin/ipfw -q"

LanOut="em0"
NetOut="xxx.xxx.xxx.xxx"
IpOut="xxx.xxx.xxx.xxx"

LanIn="em1"
NetIn="10.0.0.0/8"


${FwCMD} -f flush
${FwCMD} -f pipe flush
${FwCMD} -f queue flush

${FwCMD} add check-state

#pipe
${FwCMD} add 100 allow ip from any to any via lo0
${FwCMD} add 101 deny ip from any to 127.0.0.1/8
${FwCMD} add 102 deny ip from 127.0.0.1/8 to any
${FwCMD} add 103 deny ip from table\(40\) to any
${FwCMD} add 104 deny ip from any to table\(40\)
${FwCMD} add 105 deny tcp from table\(40\) to any
${FwCMD} add 106 deny tcp from any to table\(40\)
${FwCMD} add 107 deny udp from table\(40\) to any
${FwCMD} add 108 deny udp from any to table\(40\)
${FwCMD} add 110 deny all from 10.0.0.0/8 to any in via em0
${FwCMD} add 111 divert natd all from any to any via em0
${FwCMD} add 112 deny log ip from any to me 3306
${FwCMD} add 113 deny log tcp from any to me 3306
${FwCMD} add 114 deny log udp from any to me 3306
${FwCMD} add 200 tee 7223 ip from any to any via em0
${FwCMD} add 201 reject tcp from any to any tcpflags fin, syn, rst, psh, ack, urg
${FwCMD} add 202 reject tcp from any to any tcpflags !fin, !syn, !rst, !psh, !ack, !urg
${FwCMD} add 203 reject log tcp from any to any not established tcpflags fin
${FwCMD} add 204 deny log ip from any to any not verrevpath in

#${FwCMD} pipe 70 config mask src-ip 0xffffffff bw 2048000bit/s
#${FwCMD} pipe 75 config mask dst-ip 0xffffffff bw 2048000bit/s
#${FwCMD} add pipe 70 all from table\(30\) to any in
#${FwCMD} add pipe 75 all from any to table\(30\) out
#${FwCMD} add allow all from table\(30\) to any
#${FwCMD} add allow all from any to table\(30\)

#${FwCMD} add 449 deny all from any 139 to me in via em0

${FwCMD} add 450 allow ip from me to 10.0.0.0/8
${FwCMD} add 550 allow ip from 10.0.0.0/8 to me
#########################################################################################################################################
#DNS
${FwCMD} add 560 allow udp from any 53, 123 to any
${FwCMD} add 570 allow udp from any to any 53, 123


${FwCMD} add 650 allow icmp from any to any
${FwCMD} add 710 allow icmp from any to any

#${FwCMD} add 650 allow tcp from any 3928, 19001, 19093 to any
#${FwCMD} add 651 allow tcp from any to any 3928, 19001, 19093
#${FwCMD} add 652 allow udp from any 3928, 2900 to any
#${FwCMD} add 653 allow udp from any to any 3928
#${FwCMD} add 654 allow udp from any 5023 to any
#${FwCMD} add 655 allow tcp from any 5023 to any
#${FwCMD} add 656 allow udp from any to any 5023
#${FwCMD} add 656 allow tcp from any to any 5023
#All protocols

${FwCMD} add 750 allow tcp from any to me in via em0
${FwCMD} add 810 allow tcp from me to any out via em0
${FwCMD} add 3026 pass all from any 3908 to any

########################################################################
#64Kbit/s
${FwCMD} pipe 10 config mask src-ip 0xffffffff bw 64Kbit/s queue 10Kbytes
${FwCMD} pipe 15 config mask dst-ip 0xffffffff bw 64Kbit/s queue 10Kbytes
${FwCMD} add pipe 10 all from table\(10\) to any in
${FwCMD} add pipe 15 all from any to table\(10\) out
${FwCMD} add allow tcp from table\(10\) to any
${FwCMD} add allow tcp from any to table\(10\)
${FwCMD} add allow udp from table\(10\) to any
${FwCMD} add allow udp from any to table\(10\)

#128Kbit/s
${FwCMD} pipe 20 config mask src-ip 0xffffffff bw 128Kbit/s queue 20Kbytes
${FwCMD} pipe 25 config mask dst-ip 0xffffffff bw 128Kbit/s queue 20Kbytes
${FwCMD} add pipe 20 all from table\(12\) to any in
${FwCMD} add pipe 25 all from any to table\(12\) out
${FwCMD} add allow tcp from table\(12\) to any
${FwCMD} add allow tcp from any to table\(12\)
${FwCMD} add allow udp from table\(12\) to any
${FwCMD} add allow udp from any to table\(12\)

#256Kbit/s
${FwCMD} pipe 30 config mask src-ip 0xffffffff bw 256Kbit/s queue 20Kbytes
${FwCMD} pipe 35 config mask dst-ip 0xffffffff bw 256Kbit/s queue 20Kbytes
${FwCMD} add pipe 30 all from table\(14\) to any in
${FwCMD} add pipe 35 all from any to table\(14\) out
${FwCMD} add allow tcp from table\(14\) to any
${FwCMD} add allow tcp from any to table\(14\)
${FwCMD} add allow udp from table\(14\) to any
${FwCMD} add allow udp from any to table\(14\)

#512Kbit/s
${FwCMD} pipe 40 config mask src-ip 0xffffffff bw 512Kbit/s queue 20Kbytes
${FwCMD} pipe 45 config mask dst-ip 0xffffffff bw 512Kbit/s queue 20Kbytes
${FwCMD} add pipe 40 all from table\(16\) to any in
${FwCMD} add pipe 45 all from any to table\(16\) out
${FwCMD} add allow tcp from table\(16\) to any
${FwCMD} add allow tcp from any to table\(16\)
${FwCMD} add allow udp from table\(16\) to any
${FwCMD} add allow udp from any to table\(16\)

#1024Kbit/s
${FwCMD} pipe 50 config mask src-ip 0xffffffff bw 1024Kbit/s queue 20Kbytes
${FwCMD} pipe 55 config mask dst-ip 0xffffffff bw 1024Kbit/s queue 20Kbytes
${FwCMD} add pipe 50 all from table\(18\) to any in
${FwCMD} add pipe 55 all from any to table\(18\) out
${FwCMD} add allow tcp from table\(18\) to any
${FwCMD} add allow tcp from any to table\(18\)
${FwCMD} add allow udp from table\(18\) to any
${FwCMD} add allow udp from any to table\(18\)

#2048Kbit/s
${FwCMD} pipe 70 config mask src-ip 0xffffffff bw 2Mbit/s queue 20Kbytes
${FwCMD} pipe 75 config mask dst-ip 0xffffffff bw 2Mbit/s queue 20Kbytes
${FwCMD} add pipe 70 all from table\(25\) to any in
${FwCMD} add pipe 75 all from any to table\(25\) out
${FwCMD} add allow tcp from table\(25\) to any
${FwCMD} add allow tcp from any to table\(25\)
${FwCMD} add allow udp from table\(25\) to any
${FwCMD} add allow udp from any to table\(25\)

########################################################################
${FwCMD} add pipe 10 src-port 80-29000
${FwCMD} add pipe 15 dst-port 80-29000
${FwCMD} add pipe 20 src-port 80-29000
${FwCMD} add pipe 25 dst-port 80-29000
${FwCMD} add pipe 30 src-port 80-29000
${FwCMD} add pipe 35 dst-port 80-29000
${FwCMD} add pipe 40 src-port 80-29000
${FwCMD} add pipe 45 dst-port 80-29000
${FwCMD} add pipe 50 src-port 80-29000
${FwCMD} add pipe 55 dst-port 80-29000
${FwCMD} add pipe 70 src-port 80-29000
${FwCMD} add pipe 75 dst-port 80-29000
########################################################################
${FwCMD} add 7920 pass udp from any 80-29999 to any
${FwCMD} add 7921 pass udp from any to any 80-29999
${FwCMD} add 7922 pass tcp from any 80-29999 to any
${FwCMD} add 7923 pass tcp from any to any 80-29999
########################################################################
${FwCMD} add 7924 pass tcp from any to me 22 in via em1
${FwCMD} add 7925 pass tcp from me 22 to any out via em1
${FwCMD} add deny all from any to any via em0
${FwCMD} add deny log ip from any to any

Please say, what is wrong? And maybe I did not correctly write the rules?
 
You must log in or register to reply here.
Back
Top