From owner-freebsd-pf@freebsd.org Tue Jul 19 10:41:07 2016 Return-Path: Delivered-To: freebsd-pf@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 82453B9E366 for ; Tue, 19 Jul 2016 10:41:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 66E2015BA for ; Tue, 19 Jul 2016 10:41:07 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id u6JAf7EH012077 for ; Tue, 19 Jul 2016 10:41:07 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-pf@FreeBSD.org Subject: [Bug 210924] 10.3-STABLE - PF - possible regression in pf.conf set timeout interval Date: Tue, 19 Jul 2016 10:41:07 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: conf X-Bugzilla-Version: 10.3-STABLE X-Bugzilla-Keywords: patch, regression X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: lists@peter.de.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-pf@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Jul 2016 10:41:07 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210924 --- Comment #4 from Oliver Peter --- (In reply to Kristof Provost from comment #3) Thanks, of course this is the better approach. Looks good so far for me: oliver@wayne pfctl % cat /etc/pf.conf set timeout interval 5 altq on em0 hfsc bandwidth 1Mb queue { ftp, ssh, icmp, other } queue ftp bandwidth 30% priority 0 hfsc (upperlimit 99%) queue ssh bandwidth 30% priority 2 hfsc (upperlimit 99%) queue icmp bandwidth 10% priority 2 hfsc (upperlimit 99%) queue other bandwidth 30% priority 1 hfsc (default upperlimit 99%) pass out quick on em0 inet proto tcp from any port 21 to any queue ftp pass out quick on em0 inet proto tcp from any port 22 to any queue ssh pass out quick on em0 inet proto icmp from any to any queue icmp pass out quick on em0 all pass keep state oliver@wayne pfctl % sudo pfctl -f /etc/pf.conf oliver@wayne pfctl % uname -a FreeBSD wayne.lab.home.gfuzz.de 12.0-CURRENT FreeBSD 12.0-CURRENT #2 575d5bb(master)-dirty: Mon Jul 18 15:40:49 CEST 2016=20=20=20=20 root@wayne.lab.home.gfuzz.de:/usr/obj/usr/src/sys/WAYNE i386 However, since I'm not familiar with the new CODELQ syntax, I'm not able to= do extended tests. Perhaps you could point out some documentation as you mentioned it has been imported into 10.3 already. --=20 You are receiving this mail because: You are the assignee for the bug.=