YpFw: ipfw frontend

YpFw is a frontend to ipfw and dummynet. It was developed to ease the setting and managing of ipfw rules and dummynet pipes.
It features: YpFw is not meant as a replacement to ipfw. In fact, you need to understand ipfw and dummynet rules/pipes syntax to use YpFw.

Screenshot

ypfw screenshot

What are IPFW and Dummynet ?

IPFW

IPFW, the software supplied with FreeBSD, is a packet filtering and accounting system which resides in the kernel, and has a user-land control utility, ipfw(8). Together, they allow you to define and query the rules used by the kernel in its routing decisions.

There are two related parts to IPFW. The firewall section performs packet filtering. There is also an IP accounting section which tracks usage of the FreeBSD host (which can be a router, a bridge or simply and end host), based on rules similar to those used in the firewall section. This allows the administrator to monitor how much traffic the host is getting from a certain machine.

Please refer to the 'Security Chapter of the FreeBSD Handbook' for a thorough discussion on firewall in FreeBSD.

Dummynet

Dummynet is a flexible tool for bandwidth management and for testing networking protocols. It works by intercepting packets in their way through the protocol stack, and passing them through one or more pipes which simulate the effects of bandwidth limitations, propagation delays, bounded-size queues, packet losses, etc.

Each pipe can be configured separately, and packets are forwarded to the appropriate pipe using the ipfw packet filter. Thus you can apply different limitations/delays to different traffic according to the ipfw rules (e.g. selecting on protocols, addresses and ports ranges, interfaces, etc.).

An introduction to dummynet can be found here. A more detailed discussion can be found in the manual pages of ipfw(8) and dummynet(4).

Download

Download YpFw here or read the source code here.

Notes

To run YpFw you need:

Installation/Using Notes

  1. Get the archive from the download section
  2. Extract the archive (tar zxvf ypfw-0.8.tgz) and cd into the newly created directory.
  3. run ./ypfw
  4. Use the UP/DOWN keys to select the different rules/pipes.
  5. Use the TAB key to switch between rules and pipes view.
  6. Use the 'a' key to add rules or pipes. A popup window will ask you for more specific information: for rules you must enter the exact ipfw command (as when you use ipfw); for pipes just enter the pipe number, you will be able to configure the pipe later. For e.g.:
    In a shell you would type:
    ipfw add 10 allow ip from any to any bridged
    In YpFw:
    • press 'a'
    • enter 10 allow ip from any to any bridged and press ENTER
  7. Use the 'd' key to delete rules or pipes.
  8. Use the 'u' key to update the display of rules or pipes
  9. (for pipes only) Use the 'c' key to configure the pipe. Enter the exact ipfw command line arguments to configure the pipe. For e.g.:
    In a shell you would type :
    ipfw pipe 1 config delay 50ms
    In YpFw:
    • select or create pipe 1
    • press 'c'
    • enter delay 50ms and press ENTER

Random usage notes


Last Updated: Sunday 25-Jan-2004 12:49:27 EST | Maintained by: Grenville Armitage (garmitage@swin.edu.au) | Authorised by: Grenville Armitage (garmitage@swin.edu.au)