(ipfw) make room for traffic shaping in ipfw template

2026-03-15 00:54:41 +00:00 · 2015-05-19 20:32:23 +00:00 · 2015-05-19 20:32:23 +00:00 · eb831cfa0f
commit eb831cfa0f
parent 7a0aa2fc7d
1 changed files with 8 additions and 3 deletions
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@ -92,7 +92,7 @@ add {{5000 + item.zoneid|int }} allow ip from any to any dst-port 80 via {{item.
 # accept traffic from all interfaces not used by captive portal
 #======================================================================================
 {% for item in no_cp_interface_list %}
-add {{6001 + loop.index }} allow all from any to any via {{item.if}}
+add {{6001 + loop.index }} skipto 60000 all from any to any via {{item.if}}
 {% endfor %}
 # let the responses from the captive portal web server back out
 add 6200 pass tcp from any to any out
@ -113,10 +113,15 @@ add {{ (item.zoneid|int * 1000) + 10999 }} deny all from any to any not via {{it

 #======================================================================================
 # setup accounting section, first rule is counting all CP traffic
-# rule 65500 unlocks the traffic already authorized from a CP zone
 #======================================================================================
 add 30000 set 0 count ip from any to any
-add 65500 pass ip from any to any
+
+
+#======================================================================================
+# traffic shaping section, authorized traffic 
+#======================================================================================
+add 60000 return via any
+add 65533 pass ip from any to any

 # block all unmatched
 add 65534 deny all from any to any