
FreeBSD IPFW ACK prioritization firewall type example

Date: 20100207-09:06
Author: Zane C. B-H.

The example below separates traffic into local (three subnets) and remote, then prioritizes the remote traffic so that the ACKs get out a bit faster.

If you are using FreeBSD with BitTorrent or anything else that makes heavy use of a remote network, this is great for smoothing out the feel of remote access.

##
##vulpes
##
[Vv][Uu][Ll][Pp][Ee][Ss])
        ##
        ##pipes
        ##
        #local
        ${fwcmd} pipe 1 config bw 100Mbit buckets 128
        #outbound
        ${fwcmd} pipe 2 config bw 512Kbit buckets 128
        #inbound
        ${fwcmd} pipe 3 config bw 3Mbit buckets 128

        ##
        ##queues
        ##
        #outbound ack prioritizing
        ${fwcmd} queue 1 config pipe 2 weight 100 buckets 128
        ${fwcmd} queue 2 config pipe 2 weight 1 buckets 128
        #inbound ack prioritizing
        ${fwcmd} queue 3 config pipe 3 weight 100 buckets 128
        ${fwcmd} queue 4 config pipe 3 weight 1 buckets 128

        #pass stuff to the local pipe
        ${fwcmd} add 500 pipe 1 tcp from me to 192.168.15.0/24
        ${fwcmd} add 500 pipe 1 tcp from 192.168.15.0/24 to me
        ${fwcmd} add 501 pipe 1 tcp from me to 192.168.14.0/24
        ${fwcmd} add 501 pipe 1 tcp from 192.168.14.0/24 to me
        ${fwcmd} add 502 pipe 1 tcp from me to 10.69.0.0/24
        ${fwcmd} add 502 pipe 1 tcp from 10.69.0.0/24 to me

        #pass stuff to the outbound pipe:
        #TCP with the ACK flag set goes to the weight 100 queue, UDP to the weight 1 queue
        ${fwcmd} add 510 queue 1 tcp from me to any tcpflags ack
        ${fwcmd} add 510 queue 2 udp from me to any

        #pass stuff to the inbound pipe, split the same way
        ${fwcmd} add 520 queue 3 tcp from any to me tcpflags ack
        ${fwcmd} add 520 queue 4 udp from any to me

        #allow everything through
        ${fwcmd} add 65000 pass all from any to any
        ;;
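
Which pipe or queue a given packet ends up in under the rules above can be traced with a small model. This is an added example, not part of the original post: it is a shell model of the rule order, not ipfw itself, and the `ME` address, the 203.0.113.7 remote host, the helper names and the sample packets are constructed; it assumes net.inet.ip.fw.one_pass=1, so a packet stops at its first pipe/queue rule.

```sh
#!/bin/sh
# Model of the first-match order in the vulpes ruleset (not ipfw itself).
# Assumes net.inet.ip.fw.one_pass=1: a packet stops at its first pipe/queue rule.
ME=192.168.15.10        # constructed address standing in for ipfw's "me"

# local_rule ADDR: print the number of the local rule (500-502) covering ADDR
local_rule() {
    case "$1" in
        192.168.15.*) echo 500 ;;
        192.168.14.*) echo 501 ;;
        10.69.0.*)    echo 502 ;;
    esac
}

# has_ack FLAGS: true if the comma-separated TCP flag list contains "ack"
has_ack() {
    case ",$1," in *,ack,*) return 0 ;; esac
    return 1
}

# classify PROTO SRC DST FLAGS: print "<rule> <action>" for the first matching rule
classify() {
    proto=$1; src=$2; dst=$3; flags=$4; r=""
    if [ "$proto" = tcp ]; then          # rules 500-502 are tcp-only
        if [ "$src" = "$ME" ]; then r=$(local_rule "$dst"); fi
        if [ -z "$r" ] && [ "$dst" = "$ME" ]; then r=$(local_rule "$src"); fi
        if [ -n "$r" ]; then echo "$r pipe 1"; return 0; fi
    fi
    if [ "$src" = "$ME" ]; then          # rule 510
        if [ "$proto" = tcp ] && has_ack "$flags"; then echo "510 queue 1"; return 0; fi
        if [ "$proto" = udp ]; then echo "510 queue 2"; return 0; fi
    fi
    if [ "$dst" = "$ME" ]; then          # rule 520
        if [ "$proto" = tcp ] && has_ack "$flags"; then echo "520 queue 3"; return 0; fi
        if [ "$proto" = udp ]; then echo "520 queue 4"; return 0; fi
    fi
    echo "65000 pass"                    # not shaped by any pipe
}

# Constructed sample packets: proto src dst flags ("-" = no TCP flags)
while read -r p s d f; do
    printf '%-4s %-15s -> %-15s %-8s => %s\n' "$p" "$s" "$d" "$f" "$(classify "$p" "$s" "$d" "$f")"
done <<EOF
tcp $ME 203.0.113.7 ack
tcp $ME 203.0.113.7 ack,psh
tcp $ME 203.0.113.7 syn
tcp 203.0.113.7 $ME ack
udp $ME 192.168.14.53 -
tcp $ME 10.69.0.4 ack
EOF
```

The trace shows that data segments carrying ACK share the weight 100 queue with bare ACKs, that a SYN is not queued at all, and that UDP to a local subnet goes through the 512Kbit outbound pipe because rules 500-502 match only tcp.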