Mini tutorial: FreeBSD ipfw bandwidth rate limiting


I can never remember how to set it up, so here for my own sake:

First setup a virtual "pipe", for example one like this limiting whatever we put through it to 800Kbit per second:

ipfw pipe 1 config bw 800Kbit

You could also use say bw 70KB to limit to 70KByte per second. There are also a bunch of other parameters for the pipes, but the bandwidth limiter is the most useful for everyday use.

Now setup rules to push traffic through the pipe. For example right now I wanted to limit bittorrent traffic, so I made port 6881 to 6885 go through the pipe:

ipfw add 10 pipe 1 tcp from any to me 6881-6890
ipfw add 11 pipe 1 tcp from any 6881-6890 to me

You can see your pipes with ipfw pipe show (just as you see the regular rules with ipfw show.

Another example, limit the bandwidth from us to another host 10Kbit/sec:

ipfw pipe 2 config bw 10Kbit
ipfw add 15 pipe 2 ip from me to

With this then we can download however fast we want from, but they can only use 10Kbit of our outgoing bandwidth.

Pretty neat, huh?

update: many more examples on Luigi Rizzo's dummynet page...


Have you heard of man-pages? ;-)

mmm more understanable than linux does...

could point me to any complete docs?(beside man(8) ipfw:)


thx bro..

Does it work for source address based upload in case of a NAT router?
I mean you need to limit upload on the external interface, that is AFTER the NAT, so you loose the private source addresses.


Okay guys some of you may be experiencing some probs... in your kernel make sure you have options DUMMYNET

If you don't want to recompile your kernel, put: dummynet_load="YES" in your /boot/loader.conf and then type "kldload dummynet" You don't need to reboot.

note that if you "kldload dummynet" you may kill your network connection; if you don't already have ipfw loaded it will pull it in, and the default policy for ipfw seems to be to deny all packets.

Leave a comment

About this Entry

This page contains a single entry by Ask Bjørn Hansen published on September 22, 2004 7:13 PM.

Find recent content on the main index or look in the archives to find all content.


OpenID accepted here Learn more about OpenID
Powered by Movable Type 4.33-en
/* bf */