##################################################################
############### Warning !!! IPFW2 *required* !!! #################
##################################################################
# (C) 2003 Marcello Barnaba

#-----------------------------------------------------------------
#----------------------------- pipes -----------------------------
#-----------------------------------------------------------------

#-- high-priority output pipe && queue --
p 1 config bw 150kb/s queue 4KB gred 0.002/20/80/0.01
q 1 config pipe 1 queue 4KB weight 5 buckets 256 mask src-ip 0xffffffff dst-ip 0xffffffff gred 0.002/20/80/0.01

#-- low-priority output pipe && queue ---
p 2 config bw 120kb/s queue 4KB gred 0.002/10/30/0.01
q 2 config pipe 2 queue 4KB weight 1 buckets 256 mask src-ip 0xffffffff dst-ip 0xffffffff gred 0.002/200/800/0.01

#-- input pipe && queue -----------------
p 3 config bw 740kb/s queue 4KB gred 0.002/20/80/0.01
q 3 config pipe 3 queue 4KB buckets 256 mask src-ip 0xffffffff dst-ip 0xffffffff gred 0.002/20/80/0.01
#-----------------------------------------------------------------

#-----------------------------------------------------------------
#----------------------------- rules -----------------------------
#-----------------------------------------------------------------

#-----------------------------------------------------------------
# output pipes
#-----------------------------------------------------------------
#---------------------- -- - -
# high priority
#--------------
#-- caveat: SCP and CVS over SSH use port 22 too, so
#-- put this before high priority rules. Include
#-- cvs-pserver port, too. Also, I found no way
#-- to shape successfully a CVS connection .. so fallback
#-- on 'allow' :(
add 100 allow tcp from any to any dst-port 22,2401 iptos !lowdelay out xmit ng0
add 101 allow tcp from any to any dst-port 119,80,443 out xmit ng0

add 110 queue 1 tcp from any to any dst-port 22 out xmit ng0
add 120 queue 1 tcp from any to any iptos lowdelay out xmit ng0
add 130 queue 1 tcp from any to any dst-port 9999 out xmit ng0
add 140 queue 1 udp from any to any dst-port 53 out xmit ng0

#-- caveat: for forwarded connections, put this before
#-- the high priority pipe for tcp acks
add 155 queue 2 tcp from me 6667,80 to any out via ng0
#-- ftp uploads
add 156 queue 2 tcp from me 20800-21000 to any out via ng0

add 160 queue 1 tcp from any to any out xmit ng0 tcpflags ack
add 170 queue 1 icmp from any to any out xmit ng0

#-- caveat: prioritize work VPNs (out)
add 180 queue 1 udp from any 7266 to 213.26.232.14 dst-port 7266 out via ng0
add 185 queue 1 udp from any 7265 to any dst-port 7265 out via ng0

add 190 allow tcp from any to any dst-port 6968-6973 in via ng0
add 195 allow tcp from any to any dst-port 6667,80 in via ng0
#-----------------------------------------------------------------
#---------------------- -- - -
# low priority
#-------------
add 200 queue 2 ip from any to any out via ng0

#-----------------------------------------------------------------
# input pipes
#-----------------------------------------------------------------
add 300 queue 3 ip from any to any in via ng0
#-----------------------------------------------------------------

#-----------------------------------------------------------------
# pass ipv6 to ip6fw
#-----------------------------------------------------------------
add 500 allow ipv6 from any to any
#-----------------------------------------------------------------