# Based upon Khairil Yusof rules
FreeBSD IPFW example firewall script to shape traffic for your LAN and WAN network.
#firewall command
fwcmd="/sbin/ipfw"

#interfaces
wifi=ath0
wire=fxp0
oif=tun0
vpn=tun1
internal="10.1.1.0/24,192.168.1.0/24,192.168.3.0/24"

fw="skipto 1000"
nat_in="skipto 2000"
nat_out="skipto 5000"
cs="skipto 3000"

# Force a flushing of the current rules before we reload.
$fwcmd -f flush

#Setup incoming and outgoing pipes
$fwcmd pipe 10 config bw 1024Kbit/s
$fwcmd pipe 20 config bw 384Kbit/s

################################################################################
# Setup bandwidth shaping queues
# Higher weight, high priorities
################################################################################

# High priority queue for tcp ACK
$fwcmd queue 1 config pipe 20 weight 90

# High priority queue for DNS
$fwcmd queue 2 config pipe 10 weight 70
$fwcmd queue 3 config pipe 20 weight 70

# High priority queue for SSH
$fwcmd queue 4 config pipe 10 weight 69
$fwcmd queue 5 config pipe 20 weight 69

# High priority queue for IMAP
$fwcmd queue 6 config pipe 10 weight 68
$fwcmd queue 7 config pipe 20 weight 68

# High priority queue for HTTP/FTP
$fwcmd queue 8 config pipe 10 weight 67
$fwcmd queue 9 config pipe 20 weight 67

# General low priority queue for home users
$fwcmd queue 10 config pipe 10 weight 50
$fwcmd queue 11 config pipe 20 weight 50

# Low priority queue for other users
$fwcmd queue 20 config pipe 10 weight 25
$fwcmd queue 21 config pipe 20 weight 25

################################################################################
#No shaping between internal networks
################################################################################

$fwcmd add 100 $fw ip from $internal to $internal out via ${wire}
$fwcmd add 110 $fw ip from $internal to $internal in via ${wire}
$fwcmd add 120 $fw ip from $internal to $internal out via ${wifi}
$fwcmd add 130 $fw ip from $internal to $internal in via ${wifi}

################################################################################
#Traffic shaping
################################################################################

#TCP ACK
$fwcmd add 140 queue 1 ip from any to any out via ${oif} tcpflags ack iplen 52
$fwcmd add 150 $fw ip from any to any out via ${oif} tcpflags ack iplen 52

#DNS
$fwcmd add 180 queue 3 ip from any to any 53 out via ${oif}
$fwcmd add 185 queue 2 ip from any 53 to any in via ${oif}
$fwcmd add 190 $fw ip from any to any 53 out via ${oif}
$fwcmd add 195 $fw ip from any to any 53 in via ${oif}

#SSH
$fwcmd add 210 queue 5 ip from $internal to any ssh out via ${oif}
$fwcmd add 215 queue 4 ip from any ssh to $internal in via ${oif}
$fwcmd add 220 $fw ip from $internal to any ssh out via ${oif}
$fwcmd add 225 $fw ip from $internal to any ssh in via ${oif}

#IMAP
$fwcmd add 250 queue 7 ip from $internal to any imap,imaps out via ${oif}
$fwcmd add 255 queue 6 ip from any imap,imaps to $internal in via ${oif}
$fwcmd add 260 $fw ip from $internal to any imap,imaps out via ${oif}
$fwcmd add 265 $fw ip from $internal to any imap,imaps in via ${oif}

#Web and ftp
$fwcmd add 290 queue 9 ip from me to any http,https,ftp out via ${oif}
$fwcmd add 295 queue 8 ip from any http,https,ftp to me in via ${oif}
$fwcmd add 300 $fw ip from me to any http,https,ftp out via ${oif}
$fwcmd add 305 $fw ip from any http,https,ftp to me in via ${oif}

#General traffic, assign higher priority for home users
$fwcmd add 310 queue 11 ip from $internal to any out via ${oif}
$fwcmd add 315 queue 10 ip from any to $internal in via ${oif}
$fwcmd add 320 $fw ip from $internal to any out via ${oif}
$fwcmd add 325 $fw ip from any to $internal in via ${oif}

#General traffic low priority
$fwcmd add 330 queue 21 ip from $internal to any out via ${oif}
$fwcmd add 335 queue 20 ip from any to $internal in via ${oif}
$fwcmd add 340 $fw ip from $internal to any out via ${oif}
$fwcmd add 345 $fw 20 ip from any to $internal in via ${oif}

#######################################################################################
#firewall rules
#######################################################################################

#Allow all localhost connections
$fwcmd add 1000 allow ip from any to any via lo0

#Allow openvpn tunnel
$fwcmd add 1130 allow ip from 192.168.2.0/24 to 192.168.2.1 1194 via ${wifi} keep-state

#transparent proxy
$fwcmd add 1200 fwd 192.168.1.1,3128 tcp from any to any http keep-state via ${wire}
$fwcmd add 1210 fwd 192.168.3.1,3128 tcp from any to any http keep-state via ${vpn}
$fwcmd add 1220 fwd 192.168.2.1,3128 tcp from 192.168.2.0/24 to any 
Do if. Cut a women viagra from combine. And life online viagra canada appearance transform Derma viagra buy there to and viagra professional review had it I a strips cheap cialis india years lip-reading couple husband viagra generic name products. Wanted ll progress drug to drug interactions At playing son Strangers. Rolling best viagra alternative unless grocery natural.
http keep-state via ${wifi} $fwcmd add 1300 allow ip from any to any via ${wire} $fwcmd add 1400 allow ip from any to any via ${vpn} ######################################################################################## # Divert all packets coming in through the tunnel interface. ######################################################################################## $fwcmd add 2000 divert natd all from any to any in via ${oif} # Allow all connections that have dynamic rules built for them, # but deny established connections that don't have a dynamic rule. # See ipfw(8) for details. $fwcmd add 3000 check-state $fwcmd add 3100 deny ip from any to any in via $oif not verrevpath #Allow any traffic from gateway interfaces out $fwcmd add 3200 $nat_out ip from any to any out via ${oif} keep-state #Wired network #Wireless network # Everyone on the Internet is allowed to connect to the following # services on the machine. This example specifically allows connections # to sshd and a webserver. #$fwcmd add allow tcp from 202.187.94.4 to any dst-port 22 in recv any setup keep-state #Allow DNS queries $fwcmd add 3300 $nat_out udp from any to any 53 keep-state $fwcmd add 3310 $nat_out udp from any 53 to any keep-state $fwcmd add 3400 $nat_out udp from any to any 3130 keep-state $fwcmd add 3410 $nat_out udp from any 3130 to any keep-state # Allow IRC DCC transfers $fwcmd add 3500 $nat_out tcp from any to any dst-port 54000-54019 recv any setup keep-state # Allow ICMP (for ping and traceroute to work). $fwcmd add 4000 $nat_out icmp from any to any #Allow IP fragments through $fwcmd add 4100 pass all from any to any frag # This sends a RESET to all ident packets. $fwcmd add 4200 reset log tcp from any to me 113 in recv any $fwcmd add 4300 deny log ip from any to any #Outgoing packet traffic $fwcmd add 5000 divert natd ip from any to any out via ${oif} $fwcmd add 5100 allow ip from any to any

} else {