From: Max Laier
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Tue, 19 Jun 2007 14:01:45 +0200
Subject: Re: firewalling and ALTQ
Message-Id: <200706191401.56528.max@love2party.net>
In-Reply-To: <4677BF4A.8000601@techniumcast.com>

On Tuesday 19 June 2007, Rob Shepherd wrote:
> I've just installed FreeBSD with a view to making a traffic shaping, or
> essentially transfer capacity limiting device.
>
> This must sit on bridged interfaces between org and edge routers.

It can be difficult to wrap one's head around traffic shaping on bridges
because of the ambiguity of IN/OUT on a bridge.  Be sure to filter on the
member interfaces instead and apply queueing there.

> I'm having some difficulty working out which bits I need, which packet
> filter to use and how to get started.
>
> There appears to be 3 packet filters
>
> pf,ipf,ipfw
>
> is this right? ALTQ works with each?

ALTQ works with pf and can be used from ipfw, too.  You will need pf
support regardless.  ipf does not support the ALTQ version available in
FreeBSD at this time (afaik).  IPFW has dummynet, which can do traffic
shaping, too.

> additionally, I don't seem to have any /dev/ entries

kldload pf / ipf / ipfw ... or use the rc.d scripts, e.g. "/etc/rc.d/pf
forcestart".  Later, automate the process by flipping the right switches in
rc.conf(5).  You can also build the firewalls into your kernel; see the
handbook for details.  Note that ALTQ can *not* be loaded as a module
and requires a custom kernel instead.

> There are many tutorials, but it's impossible to know what is the
> current supported filter package, what works best with bridging and
> ALTQ and how to test them when there's bits missing.

Feel free to write down your lessons learned and publish them ;)

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
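
The advice in the reply above (filter and queue on the bridge member interfaces, with ALTQ compiled into the kernel) could look like the following pf.conf. This is an added example, not part of the original message or the poster's configuration; the interface names em0/em1, the 10Mb rates, the queue names and the port 25 classification are assumptions.

```conf
# /etc/pf.conf: constructed example for a shaping bridge.
#
# Prerequisites, kept in other files and shown here only as comments:
#   kernel config     options ALTQ
#                     options ALTQ_CBQ
#   /etc/sysctl.conf  net.link.bridge.pfil_member=1   # run pf on members
#                     net.link.bridge.pfil_bridge=0   # not on bridge0 itself
#   /etc/rc.conf      pf_enable="YES"

int_if = "em0"    # assumed: member facing the organisation
ext_if = "em1"    # assumed: member facing the edge router

# ALTQ only shapes packets leaving an interface, so each direction is
# queued on the member it exits through. That removes the IN/OUT
# ambiguity of the bridge: "upstream" is simply "out on $ext_if".
altq on $ext_if cbq bandwidth 10Mb queue { up_std, up_bulk }
queue up_std   bandwidth 80% cbq(default borrow)
queue up_bulk  bandwidth 20% cbq(red)

altq on $int_if cbq bandwidth 10Mb queue { down_std }
queue down_std bandwidth 100% cbq(default)

# Rules name the member interfaces, never bridge0.
# A frame is seen twice: inbound on one member, outbound on the other.
pass in  on { $int_if, $ext_if } all keep state

# pf uses the last matching rule, so the general rule comes first.
pass out on $ext_if all keep state queue up_std
pass out on $ext_if proto tcp to any port 25 keep state queue up_bulk

# Everything heading into the organisation shares the downstream cap.
pass out on $int_if all keep state queue down_std
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vsq` shows per-queue counters once the ruleset is active.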