Packet Flow Of Pipe Rule Set To Pipe; Fwdfast Rules Bypass Traffic Shaping - D-Link NetDefend DFL-210 User Manual

10.1.2. Traffic Shaping in
NetDefendOS
When a Pipe Rule is defined, the pipes to be used with that rule are also specified and they are
placed into one of two lists in the Pipe Rule. These lists are:
• The Forward Chain
These are the pipes that will be used for outgoing (leaving) traffic from the D-Link Firewall.
One, none or a series of pipes may be specified.
• The Return Chain
These are the pipes that will be used for incoming (arriving) traffic. One, none or a series of
pipes may be specified.
Figure 10.1. Packet Flow of Pipe Rule Set to Pipe
The pipes that are to be used are specified in a pipe list. If only one pipe is specified then that is the
pipe whose characteristics will be applied to the traffic. If a series of pipes are specified then these
will form a Chain of pipes through which traffic will pass. A chain can be made up of at most 8
pipes.
If no pipe is specified in a list then traffic that matches the rule will not flow through any pipe but it
will also mean that the traffic will not be subject to any other pipe rules found later in the rule set.
Pipes Will Not Work With FwdFast Rules
It is important to understand that traffic shaping will not work with connection that are established
because of a FwdFast rule in the NetDefendOS IP rule set.
The reason for this is that traffic shaping is implemented based on the NetDefendOS state engine
and a FwdFast IP rule does not set up a connection in the state engine. Packets bypass the state
engine and are forwarded to their destination outside the context of a connection. NetDefendOS
traffic shaping only takes account of traffic flowing through a connection.
Figure 10.2. FwdFast Rules Bypass Traffic Shaping
least one rule must be created for traffic shaping to begin to function.
380
Chapter 10. Traffic Management