YpFw: ipfw frontendYpFw is a frontend to ipfw and dummynet. It was developed to ease the setting and managing of ipfw rules and dummynet pipes.
YpFw is not meant as a replacement to ipfw. In fact, you need to understand ipfw and dummynet rules/pipes syntax to use YpFw.
- add, delete rules
- update, clear rules counters
- add, delete, configure pipes
What are IPFW and Dummynet ?
IPFW, the software supplied with FreeBSD, is a packet filtering and accounting system which resides in the kernel, and has a user-land control utility, ipfw(8). Together, they allow you to define and query the rules used by the kernel in its routing decisions.
There are two related parts to IPFW. The firewall section performs packet filtering. There is also an IP accounting section which tracks usage of the FreeBSD host (which can be a router, a bridge or simply and end host), based on rules similar to those used in the firewall section. This allows the administrator to monitor how much traffic the host is getting from a certain machine.
Please refer to the 'Security Chapter of the FreeBSD Handbook' for a thorough discussion on firewall in FreeBSD.
Dummynet is a flexible tool for bandwidth management and for testing networking protocols. It works by intercepting packets in their way through the protocol stack, and passing them through one or more pipes which simulate the effects of bandwidth limitations, propagation delays, bounded-size queues, packet losses, etc.
Each pipe can be configured separately, and packets are forwarded to the appropriate pipe using the ipfw packet filter. Thus you can apply different limitations/delays to different traffic according to the ipfw rules (e.g. selecting on protocols, addresses and ports ranges, interfaces, etc.).
An introduction to dummynet can be found here. A more detailed discussion can be found in the manual pages of ipfw(8) and dummynet(4).
DownloadDownload YpFw here or read the source code here.
NotesTo run YpFw you need:
- FreeBSD > 3.4 (YpFw requires ipfw and dummynet)
uname -ain a shell to find out what version of FreeBSD you're running. Ipfw and dummynet come standard with FreeBSD.
- Python > 2.2
python -Vin a shell to find out what version of python you have. If you don't have python installed in your system just run as root
pkg_add -r python.
- Get the archive from the download section
- Extract the archive (
tar zxvf ypfw-0.8.tgz) and cd into the newly created directory.
- Use the UP/DOWN keys to select the different rules/pipes.
- Use the TAB key to switch between rules and pipes view.
- Use the 'a' key to add rules or pipes. A popup window will ask you for more specific information: for rules you must enter the exact ipfw command (as when you use ipfw); for pipes just enter the pipe number, you will be able to configure the pipe later. For e.g.:
In a shell you would type:
ipfw add 10 allow ip from any to any bridged
- press 'a'
10 allow ip from any to any bridgedand press ENTER
- Use the 'd' key to delete rules or pipes.
- Use the 'u' key to update the display of rules or pipes
- (for pipes only) Use the 'c' key to configure the pipe. Enter the exact ipfw command line arguments to configure the pipe. For e.g.:
In a shell you would type :
ipfw pipe 1 config delay 50ms
- select or create pipe 1
- press 'c'
delay 50msand press ENTER
Random usage notes
- The bottom bar of the display always shows the possible key actions for the current view.
- The input dialogs always save the last entry and the next time they are brought up they already contain the old entry. You can either delete it (with backspace orCtrl-H depending on your terminal settings), modify it (use the left/right arrows to move the cursor, Ctrl-A and Ctrl-E move the cursor to respectively the beginning and the end of the input field) or reuse the exact same entry!