# ipfw-classifyd - need explanation



## jishnu (Jan 4, 2012)

Hello.

I am kind of new to FreeBSD. I've managed to get a router working (ipfw+ipnat), but I also tried to use ipfw-classifyd (to block or shape p2p). There I have a problem: I can't find any manuals on ipfw-classifyd usage. It doesn't work (p2p traffic is neither blocked nor cut).

Here are my files (finally tried to work on examples to understand it).

Firewall rules:

```
#!/bin/sh
#
# Sample ipfw(8) script for use with ipfw-classifyd
#
# $Id: rc.firewall.example 741 2010-03-09 17:29:48Z mtm $
#

fwcmd=/sbin/ipfw
ifn=em0

# Remove all other rules.
#
${fwcmd} -f flush

# Setup a throttled P2P pipe.
#
${fwcmd} pipe 1 config bw 256Kbit/s queue 30
${fwcmd} pipe 2 config bw 256Kbit/s queue 30
# Divert all TCP and UDP packets through our classifier
#
${fwcmd} add 400 divert 7777 tcp from any to any
${fwcmd} add 410 divert 7777 udp from any to any

# Pass unclassified packets
${fwcmd} add 1000 allow all from any to any
# Pipes for throttling packets coming out of the divert(4) socket
#
${fwcmd} add 64000 pipe 1 log ip from any to any in diverted
${fwcmd} add 64001 pipe 2 log ip from any to any out diverted
```

ipfw-classifyd.conf

```
bittorrent      = 1000
edonkey         = 1000
fasttrack       = 1000
gnutella        = 1000
ftp             = 1000
```

Here I tried other port numbers (am I correct that it's the destination port of classified packets? I tried 64000 etc.) and it still didn't work. So I tried bittorrent, ftp etc., and the traffic is not shaped.

The system is FreeBSD 8.2-RELEASE-p3 GENERIC KERNEL. Needed modules are loaded.

```
Id Refs Address    Size     Name
 1   17 0xc0400000 bd97b4   kernel
 2    1 0xc4a84000 37000    ipl.ko
 3    1 0xc4cbd000 4000     ipdivert.ko
 4    2 0xc4cd0000 11000    ipfw.ko
 5    1 0xc4cc1000 d000     libalias.ko
 6    1 0xc4d91000 e000     dummynet.ko
```
Please enlighten me )


----------



## SirDice (Jan 4, 2012)

As far as I know it's not part of FreeBSD and there's barely any documentation. So your guesses are probably as good as ours.


----------



## JHK (Jan 7, 2012)

ipfw-classifyd cannot block or deny; classifyd has not implemented that, it runs pipes. You've installed all the protocols, see the l7-protocols folder (the malware, extra, protocols, testing and file_types folders) and copy all the *.pat files into /usr/local/etc/ipfw-classifyd/protocols.

The current version of ipfw-classifyd is from 2010: ipfw-classify-r741
Greetings from Germany
Jens


----------



## jishnu (Jan 8, 2012)

All *.pat files are and were in the /usr/local/etc/ipfw-classifyd/protocols directory. I am using the latest version (ipfw-classifyd-r741) as well.

It seems I will have to cut the traffic manually by shaping specific ports.


----------



## JHK (Jan 8, 2012)

```
#!/bin/sh
#
# Sample ipfw(8) script for use with ipfw-classifyd
#
# $Id: rc.firewall.example 741 2010-03-09 17:29:48Z mtm $
#

fwcmd=/sbin/ipfw
ifn=bfe0

# Remove all other rules.
#
${fwcmd} -f flush

# Setup a throttled P2P pipe.
#
${fwcmd} pipe 1 config bw 256Kbit/s queue 30
${fwcmd} pipe 2 config bw 256Kbit/s queue 30

# Divert all TCP and UDP packets through our classifier
#
${fwcmd} add 400 divert 7777 tcp from any to any via ${ifn}
${fwcmd} add 410 divert 7777 udp from any to any via ${ifn}

# Pass unclassified packets
${fwcmd} add 1000 allow ip from any to any

# Pipes for throttling packets coming out of the divert(4) socket
#
${fwcmd} add 64000 pipe 1 log ip from any to any in diverted
${fwcmd} add 64001 pipe 2 log ip from any to any out diverted
```


----------



## JHK (Jan 13, 2012)

Can someone build an ipfw-classifyd port and expand it with deny or block?
Greetings


----------

