From: mikael söderholm
To: mzk, freebsd-pf@freebsd.org
Date: Mon, 29 Nov 2004 00:27:58 +0200
Subject: Re: PF strange problem.
In-Reply-To: <20041128235145.942843@mzk>

If you have 'quick' in the rule it won't go through any other rules after that.

On Sun, 28 Nov 2004 23:51:45 +0200, mzk wrote:

> First, sorry for my English and for my other mistakes, but this is my first post to a mailing list ever. :-)
> Today I understood my pf doesn't work properly. For each host of my network I have 4 rules, 2 out (from int_if) and 2 in, like:
>
> pass out quick on $int_if from to $host queue peering_host_in
> pass out quick on $int_if from any to $host queue host_in
> pass in quick on $int_if proto { tcp, udp } from $host to port $ports
> pass in quick on $int_if proto { tcp, udp } from $host to any port $ports
>
> The problem is that the first `peering` rule works like the second one -> it passes everything from anyone using the peering_host_in queue. If I comment it out, the second rule works, but that's not the idea. So my international connection (the second rules) is overloaded and I could not make good QoS. I am using GENERIC with these options, added by me ->
>
> # custom options;
>
> # pf support;
> device pf
> device pflog
> device pfsync
>
> # ALTQ options;
> options ALTQ #alternate queueing
> options ALTQ_CBQ #class based queueing
> ##options ALTQ_WFQ #weighted fair queueing
> ##options ALTQ_FIFOQ #fifo queueing
> options ALTQ_RED #random early detection
> ##options ALTQ_FLOWVALVE #flowvalve for RED (needs RED)
> options ALTQ_RIO #triple red for diffserv (needs RED)
> ##options ALTQ_LOCALQ #local use
> options ALTQ_HFSC #hierarchical fair service curve
> ##options ALTQ_ECN #ecn extention to tcp (needs RED)
> ##options ALTQ_IPSEC #check ipsec in IPv4
> options ALTQ_CDNR #diffserv traffic conditioner
> ##options ALTQ_BLUE #blue by wu-chang feng
> options ALTQ_PRIQ #priority queue
> options ALTQ_NOPCC #don't use processor cycle counter
> #options ALTQ_DEBUG #for debugging
>
> #options IPDIVERT
> options IPSTEALTH
> #options IPFILTER
>
> My pf.conf is about 600 lines, so I will not paste it here. If you request it I can upload it somewhere. Thanks in advance and sorry for my every mistake!
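
The evaluation order the reply refers to, as an added example that is not part of the thread: a small Python model of pf's rule matching, where the last matching rule decides unless a matching rule carries `quick`. The addresses, the PEERING list and all helper names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    src: list            # source networks in CIDR form; "any" matches everything
    dst: str             # destination address, or "any"
    queue: str           # queue the rule assigns
    quick: bool = False  # stop evaluation when this rule matches

def matches(nets, addr):
    ip = ipaddress.ip_address(addr)
    return any(n == "any" or ip in ipaddress.ip_network(n) for n in nets)

def evaluate(rules, src, dst):
    """pf order: the last matching rule decides, unless a match has 'quick'."""
    decided = None
    for rule in rules:
        if matches(rule.src, src) and matches([rule.dst], dst):
            decided = rule
            if rule.quick:
                break    # later rules are never consulted
    return decided

# Constructed sample addresses, not taken from the thread.
HOST = "10.0.0.5"
PEERING = ["192.0.2.0/24", "198.51.100.0/24"]

def ruleset(peering_src, quick):
    # Same shape as the two "pass out" rules quoted above.
    return [Rule(peering_src, HOST, "peering_host_in", quick),
            Rule(["any"], HOST, "host_in", quick)]

def queue_for(rules, src):
    rule = evaluate(rules, src, HOST)
    return rule.queue if rule else None

if __name__ == "__main__":
    for label, rules in [("quick, narrow source", ruleset(PEERING, True)),
                         ("quick, source matches all", ruleset(["any"], True)),
                         ("no quick, narrow source", ruleset(PEERING, False))]:
        for src in ("192.0.2.10", "203.0.113.7"):
            print(f"{label:26} {src:13} -> {queue_for(rules, src)}")
```

With `quick`, a first rule whose source matches every packet sends all traffic to peering_host_in. Without `quick`, the later `from any` rule overrides the peering rule instead, so rule order has to change if `quick` is dropped.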