From owner-freebsd-pf@FreeBSD.ORG Sun Feb 10 16:47:27 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D539516A421 for ; Sun, 10 Feb 2008 16:47:27 +0000 (UTC) (envelope-from amb@amb.kiev.ua) Received: from simq2-srv.bellnexxia.net (simq2.bellnexxia.net [206.47.199.152]) by mx1.freebsd.org (Postfix) with ESMTP id 7CE4413C478 for ; Sun, 10 Feb 2008 16:47:27 +0000 (UTC) (envelope-from amb@amb.kiev.ua) Received: from simip9.srvr.bell.ca ([206.47.199.87]) by simmts12-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id <20080210154627.ECAA1586.simmts12-srv.bellnexxia.net@simip9.srvr.bell.ca> for ; Sun, 10 Feb 2008 10:46:27 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ao8CABarrkecIr7C/2dsb2JhbACBWaRe Received: from stjhnbsu84w-156034190194.nb.aliant.net (HELO amb.homeunix.org) ([156.34.190.194]) by alconsout.srvr.bell.ca with ESMTP; 10 Feb 2008 10:46:19 -0500 Received: from server.amb.kiev.ua ([10.15.25.2] helo=amb.kiev.ua) by amb.homeunix.org with esmtp (Exim 4.69 (FreeBSD)) (envelope-from ) id 1JOENl-0009FV-2n for freebsd-pf@freebsd.org; Sun, 10 Feb 2008 11:46:17 -0400 Message-ID: <47AF1C49.2020104@amb.kiev.ua> Date: Sun, 10 Feb 2008 11:46:17 -0400 From: Andrew Birukov User-Agent: Thunderbird 2.0.0.9 (X11/20080122) MIME-Version: 1.0 To: freebsd-pf@freebsd.org Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit X-SA-Exim-Connect-IP: 10.15.25.2 X-SA-Exim-Rcpt-To: freebsd-pf@freebsd.org X-SA-Exim-Mail-From: amb@amb.kiev.ua X-SA-Exim-Scanned: No (on amb.homeunix.org); SAEximRunCond expanded to false Subject: PF TOS and keep state X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 Feb 2008 16:47:27 -0000 I have 2 pf.conf - one of them is working properly, but another one is not working at all. Could you please help me to explain why? FreeBSD 7.0-RC2 This pf.conf is working fine. -------------------------------------------------------- ext_if="xl0" altq on $ext_if priq bandwidth 520Kb queue { traf, torrent, ssh} queue torrent priority 0 queue traf priority 1 priq(default) queue ssh priority 2 pass in on $ext_if all no state pass out quick on $ext_if proto tcp from any to any port 22 \ no state queue ssh pass out quick on $ext_if proto tcp from 10.15.25.2 to any tos 0x2 \ no state queue torrent pass out on $ext_if all no state ---------------------------------------------------------- This pf.conf is not working properly. Queue torrent isn't matching packets. ---------------------------------------------------------- ext_if="xl0" altq on $ext_if priq bandwidth 520Kb queue { traf, torrent, ssh} queue torrent priority 0 queue traf priority 1 priq(default) queue ssh priority 2 pass in on $ext_if all pass out quick on $ext_if proto tcp from any to any port 22 \ queue ssh pass out quick on $ext_if proto tcp from 10.15.25.2 to any tos 0x2 \ queue torrent pass out on $ext_if all queue traf ----------------------------------------------------------- I see the differens between those two pf.conf. The first one is not using "keep state", the second is using it. Is it possible to use both options "tos" and "keep state" at the same time? -- Andrew Biriukov amb@amb.kiev.ua