From owner-freebsd-pf@FreeBSD.ORG  Mon Aug 13 13:28:19 2007
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 920C016A417
	for <freebsd-pf@freebsd.org>; Mon, 13 Aug 2007 13:28:19 +0000 (UTC)
	(envelope-from cmarlatt@rxsec.com)
Received: from core.rxsec.com (core.rxsec.com [64.132.46.102])
	by mx1.freebsd.org (Postfix) with SMTP id 292D513C46C
	for <freebsd-pf@freebsd.org>; Mon, 13 Aug 2007 13:28:18 +0000 (UTC)
	(envelope-from cmarlatt@rxsec.com)
Received: (qmail 83687 invoked by uid 2009); 13 Aug 2007 12:53:43 -0000
Received: from 10.1.0.101 by core.rxsec.com (envelope-from
	<cmarlatt@rxsec.com>, uid 2008) with qmail-scanner-1.25-st-qms 
	(clamdscan: 0.86.2/1102. spamassassin: 3.0.4. perlscan: 1.25-st-qms. 
	Clear:RC:0(10.1.0.101):SA:0(-4.4/5.0):. 
	Processed in 1.592096 secs); 13 Aug 2007 12:53:43 -0000
X-Spam-Status: No, hits=-4.4 required=5.0
X-Antivirus-RXSEC-Mail-From: cmarlatt@rxsec.com via core.rxsec.com
X-Antivirus-RXSEC: 1.25-st-qms (Clear:RC:0(10.1.0.101):SA:0(-4.4/5.0):.
	Processed in 1.592096 secs Process 83670)
Received: from unknown (HELO ?10.1.0.101?) (cmarlatt@rxsec.com@10.1.0.101)
	by core.rxsec.com with SMTP; 13 Aug 2007 12:53:41 -0000
Message-ID: <46C0562A.8060201@rxsec.com>
Date: Mon, 13 Aug 2007 09:01:30 -0400
From: Chris Marlatt <cmarlatt@rxsec.com>
Organization: Receive Security
User-Agent: Thunderbird 1.5.0.12 (X11/20070604)
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
References: <46BFD392.2020804@spin.net.id> <20070813043049.GA32692@verio.net>
In-Reply-To: <20070813043049.GA32692@verio.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Using PF + ALTQ in FreeBSD 6.2
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Aug 2007 13:28:19 -0000

David DeSimone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I'm curious what you think your router can do to prevent hosts on the
> internet from sending traffic too fast.
> 
> Once you have received the packets, it is too late to limit their
> arrival rate.
> 

Can't ipfw do this through dummynet? It seems to work fine for me in my 
tests.

Now yes it's not really preventing them from sending traffic, but it 
should still be able to queue it and invoke latency to simulate a slower 
link/pipe.

Regards,

	Chris