From eb831cfa0fde88a8465fb652f84790d215e2d99e Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 19 May 2015 20:32:23 +0000
Subject: [PATCH] (ipfw) make room for traffic shaping in ipfw template
---
 .../service/templates/OPNsense/IPFW/ipfw.conf | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
index 9458d6095..c2f99c186 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
+++ b/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf
@@ -92,7 +92,7 @@ add {{5000 + item.zoneid|int }} allow ip from any to any dst-port 80 via {{item.
 # accept traffic from all interfaces not used by captive portal
 #======================================================================================
 {% for item in no_cp_interface_list %}
-add {{6001 + loop.index }} allow all from any to any via {{item.if}}
+add {{6001 + loop.index }} skipto 60000 all from any to any via {{item.if}}
 {% endfor %}
 # let the responses from the captive portal web server back out
 add 6200 pass tcp from any to any out
@@ -113,10 +113,15 @@ add {{ (item.zoneid|int * 1000) + 10999 }} deny all from any to any not via {{it
 #======================================================================================
 # setup accounting section, first rule is counting all CP traffic
-# rule 65500 unlocks the traffic already authorized from a CP zone
 #======================================================================================
 add 30000 set 0 count ip from any to any
-add 65500 pass ip from any to any
+
+
+#======================================================================================
+# traffic shaping section, authorized traffic
+#======================================================================================
+add 60000 return via any
+add 65533 pass ip from any to any
 # block all unmatched
 add 65534 deny all from any to any
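Review bot: The header comment above the loop in the first hunk still says this block accepts traffic from interfaces not used by the captive portal, but the new rule `add {{6001 + loop.index }} skipto 60000 all from any to any via {{item.if}}` no longer accepts anything itself. The packet is only let through if it later reaches `add 65533 pass ip from any to any`, which the second hunk adds. The jump target 60000 is also a bare number that has to stay equal to the rule number of the shaping section defined there. I would reword the comment to `# hand traffic from interfaces not used by captive portal to the shaping section (rule 60000); it is accepted by rule 65533`, so that anyone adding rules between 60000 and 65533 knows non-portal interfaces depend on them.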
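Review bot: In the second hunk, the removed line `# rule 65500 unlocks the traffic already authorized from a CP zone` was the only explanation of why an unconditional `pass ip from any to any` sits directly before the final deny, and the new section header does not replace it. Rule 65533 accepts every packet that gets this far, so the ruleset stays fail-closed only if the per-zone rules above deny unauthorized clients first; those rules lie outside the hunk, so this is inferred from the hunk header context. `add 60000 return via any` has no matching `call` in the visible lines, and its effect with an empty call stack (as far as I know ipfw ignores it and continues with the next rule) deserves a comment. Suggested: `# rule 60000 is a placeholder for shaping rules; rule 65533 accepts all traffic that reaches it, unauthorized traffic must be denied before this section`.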